Commit Graph

5012 Commits

Author SHA1 Message Date
Andres Amaya Garcia
b61b9ccf80 Fix typo and bracketing in macro args 2018-01-22 22:32:19 +01:00
Ron Eldor
1ac9aa7085 Set correct minimal versions in default conf
Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
2018-01-22 22:03:12 +01:00
Ron Eldor
998a4de3fa Fix Changelog notation
Remove backticks, since ChangeLog is not in MarkDown
2018-01-22 19:14:11 +02:00
Ron Eldor
a1413e05e9 Fix compilation error with Mingw32
Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use
`_TRUNCATE` only if `__MINGW32__` not defined. Fix suggested by
Thomas Glanzmann and Nick Wilson on issue #355
2018-01-22 19:06:57 +02:00
Gilles Peskine
f700ef38fa Add ChangeLog entry 2018-01-22 14:38:53 +01:00
Gilles Peskine
784f41c90d wait_server_start: warn if lsof is not available
If lsof is not available, wait_server_start uses a fixed timeout,
which can trigger a race condition if the timeout turns out to be too
short. Emit a warning so that we know this is going on from the test
logs.
2018-01-22 11:24:01 +01:00
Manuel Pégourié-Gonnard
3f69e54f3b Increase waiting times compat.sh and ssl-opt.sh
- Some of the CI machines don't have lsof installed yet, so rely on an sleeping
an arbitrary number of seconds while the server starts. We're seeing
occasional failures with the current delay because the CI machines are highly
loaded, which seems to indicate the current delay is not quite enough, but
hopefully not to far either, so double it.

- While at it, also double the watchdog delay: while I don't remember seeing
  much failures due to client timeout, this change doesn't impact normal
running time of the script, so better err on the safe side.

These changes don't affect the test and should only affect the false positive
rate coming from the test framework in those scripts.
2018-01-22 11:23:58 +01:00
Hanno Becker
31b37f6edd Use free + init to reset accumulator in entropy module
The SHA-256 / SHA-512 context used for entropy mixing in entropy.c
was previously reset by zeroization. The commit replaces this by
a pair of calls to `mbedtls_shaxxx_init` and `mbedtls_shaxxx_free`
which is safe also for alternative implementations of SHA-256 or
SHA-512 for which zeroization might not be a proper reset.
2018-01-17 23:12:53 +00:00
Micha Kraus
1741db9d7e fix bug in get_one_and_zeros_padding()
add test case (“0000000082”) which fails with the old implementation.
2018-01-17 23:58:14 +01:00
Hanno Becker
4ecd34f86c Adapt ChangeLog 2018-01-17 17:47:58 +00:00
Hanno Becker
1cc67a0d0e Add missing calls to sha{256/512}_{init/free} in entropy module
The entropy context contains a SHA-256 or SHA-512 context for entropy
mixing, but doesn't initialize / free this context properly in the
initialization and freeing functions `mbedtls_entropy_init` and
`mbedtls_entropy_free` through a call to `mbedtls_sha{256/512}_init`
resp. `mbedtls_sha{256/512}_free`. Instead, only a zeroization of the
entire entropy structure is performed. This doesn't lead to problems
for the current software implementations of SHA-256 and SHA-512 because
zeroization is proper initialization for them, but it may (and does)
cause problems for alternative implementations of SHA-256 and SHA-512
that use context structures that cannot be properly initialized through
zeroization. This commit fixes this. Found and fix suggested by ccli8.
2018-01-17 17:47:58 +00:00
Jaeden Amero
1010760d91 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-10 13:16:26 +00:00
Jaeden Amero
5273182a20 Merge remote-tracking branch 'upstream-public/pr/1266' into mbedtls-2.1 2018-01-10 13:08:07 +00:00
Manuel Pégourié-Gonnard
022954f4bd Fix heap-buffer overread in ALPN ext parsing 2018-01-10 12:04:07 +01:00
Hanno Becker
f34f4e53c9 Adapt ChangeLog 2018-01-10 10:48:53 +00:00
Hanno Becker
b70ba9fec7 Address issues found by coverity
1) The MPI test for prime generation missed a return value
   check for a call to `mbedtls_mpi_shift_r`. This is neither
   critical nor new but should be fixed.

2) The RSA keygeneration example program contained code
   initializing an RSA context after a potentially failing
   call to CTR DRBG initialization, leaving the corresponding
   RSA context free call in the cleanup section orphaned.
   The commit fixes this by moving the initializtion of the
   RSA context prior to the first potentially failing call.
2018-01-10 10:46:18 +00:00
Gilles Peskine
92deeaa47f all.sh --keep-going: work if TERM is unset 2018-01-02 21:59:21 +01:00
Manuel Pégourié-Gonnard
47331a72e2 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  all.sh: add some documentation
  all.sh: new option --no-armcc
  all.sh: --keep-going mode
  all.sh: cleaned up usage output
  all.sh: indent
2017-12-26 10:59:02 +01:00
Manuel Pégourié-Gonnard
33df5b34f6 Merge remote-tracking branch 'public/pr/1221' into mbedtls-2.1
* public/pr/1221:
  all.sh: add some documentation
  all.sh: new option --no-armcc
  all.sh: --keep-going mode
  all.sh: cleaned up usage output
  all.sh: indent
2017-12-26 10:58:44 +01:00
Manuel Pégourié-Gonnard
c313e7e679 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  selftest: fix build error in some configurations
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: fixed an erroneous return code
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:43:51 +01:00
Manuel Pégourié-Gonnard
016b60b1ad Merge remote-tracking branch 'public/pr/1223' into mbedtls-2.1
* public/pr/1223:
  selftest: fix build error in some configurations
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: fixed an erroneous return code
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:43:17 +01:00
Gilles Peskine
855863093d Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2017-12-22 11:20:55 +01:00
Gilles Peskine
892c1752f7 Merge remote-tracking branch 'upstream-public/pr/1233' into mbedtls-2.1 2017-12-22 11:20:23 +01:00
Mohammad Azim Khan
075dc853fe Backport: Add option to do baremetal configuration.
Aligned with development branch and added option 'baremetal' that sets configuration for bare metal builds.
2017-12-21 17:21:56 +00:00
Gilles Peskine
d7602c2764 all.sh: add some documentation 2017-12-21 16:14:09 +01:00
Manuel Pégourié-Gonnard
87244fa253 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  compat.sh: use wait_server_start
  wait_server_start: minor efficiency improvement
2017-12-21 11:13:30 +01:00
Gilles Peskine
83cd34a39e selftest: fix build error in some configurations
Include stdlib.h for EXIT_FAILURE.
2017-12-21 11:07:37 +01:00
Gilles Peskine
36816929e5 Timing self test: shorten redundant tests
We don't need to test multiple delays in a self-test.
Save 5s of busy-wait.
2017-12-20 22:32:47 +01:00
Gilles Peskine
d39496233b Timing self test: increased duration
Increase the duration of the self test, otherwise it tends to fail on
a busy machine even with the recently upped tolerance. But run the
loop only once, it's enough for a simple smoke test.
2017-12-20 21:58:25 +01:00
Gilles Peskine
e2bf3b802a Timing self test: increased tolerance
mbedtls_timing_self_test fails annoyingly often when running on a busy
machine such as can be expected of a continous integration system.
Increase the tolerances in the delay test, to reduce the chance of
failures that are only due to missing a deadline on a busy machine.
2017-12-20 21:58:25 +01:00
Gilles Peskine
a66fb3f221 selftest: allow excluding a subset of the tests
E.g. "selftest -x timing" runs all the self-tests except timing.
2017-12-20 21:58:25 +01:00
Gilles Peskine
edede44d97 selftest: allow running a subset of the tests
If given command line arguments, interpret them as test names and only
run those tests.
2017-12-20 20:31:32 +01:00
Gilles Peskine
6d51b63316 selftest: fixed an erroneous return code 2017-12-20 20:25:03 +01:00
Gilles Peskine
9d7dfb74d1 selftest: refactor to separate the list of tests from the logic
No behavior change.
2017-12-20 20:23:46 +01:00
Gilles Peskine
105e6bcb7d Timing self test: print some diagnosis information
Print some not-very-nice-looking but helpful diagnosis information if
the timing selftest fails. Since the failures tend to be due to heavy
system load that's hard to reproduce, this information is necessary to
understand what's going on.
2017-12-20 19:33:55 +01:00
Gilles Peskine
b29e70bb01 mbedtls_timing_get_timer: don't use uninitialized memory
mbedtls_timing_get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.

As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 19:33:48 +01:00
Gilles Peskine
02c3167b40 timing interface documentation: minor clarifications 2017-12-20 19:33:42 +01:00
Gilles Peskine
3099b43c6b Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
The POSIX/Unix implementation of mbedtls_set_alarm did not set the
mbedtls_timing_alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
2017-12-20 19:33:38 +01:00
Gilles Peskine
b9344e3266 all.sh: new option --no-armcc
With this option, don't run anything that requires armcc or yotta, so
the script can run offline.
2017-12-20 13:51:41 +01:00
Gilles Peskine
a8bf9867d4 all.sh: --keep-going mode
Add --keep-going mode to all.sh. In this mode, if a test fails, keep
running the subsequent tests. If a build fails, skip any tests of this
build and move on to the next tests. Errors in infrastructure, such as
git or cmake runs, remain fatal. Print an error summary at the end of
the run, and return a nonzero code if there was any failure.

In known terminal types, use color to highlight errors.

On a fatal signal, interrupt the run and report the errors so far.
2017-12-20 13:51:41 +01:00
Gilles Peskine
c83f57b4c6 Merge remote-tracking branch 'upstream-restricted/pr/434' into mbedtls-2.1-restricted 2017-12-19 19:49:44 +01:00
Gilles Peskine
a6901f48cb all.sh: cleaned up usage output 2017-12-19 18:41:28 +01:00
Gilles Peskine
30dfbafb82 all.sh: indent 2017-12-19 18:37:30 +01:00
Gilles Peskine
78493be3ee compat.sh: use wait_server_start
Port wait_server_start from ssl-opt.sh to compat.sh, instead of just
using "sleep 1". This solves the problem that on a heavily loaded
machine, sleep 1 is sometimes not enough (we had CI failures because
of this). This is also faster on a lightly-loaded machine (execution
time reduced from ~8min to ~6min on my machine).
2017-12-19 13:33:12 +01:00
Gilles Peskine
684a517220 wait_server_start: minor efficiency improvement
In wait_server_start, fork less. When lsof is present, call it on the
expected process. This saves a few percent of execution time on a
lightly loaded machine. Also, sleep for a short duration rather than
using a tight loop.
2017-12-19 13:33:08 +01:00
Manuel Pégourié-Gonnard
4aa6f12d0c Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  Allow comments in test data files
2017-12-19 12:20:18 +01:00
Manuel Pégourié-Gonnard
86bc448e75 Merge remote-tracking branch 'public/pr/1118' into mbedtls-2.1
* public/pr/1118:
  Allow comments in test data files
2017-12-19 12:19:52 +01:00
Manuel Pégourié-Gonnard
914fd5d2c9 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  ssl-opt.sh: support fixed seed for random tests
2017-12-19 12:19:12 +01:00
Manuel Pégourié-Gonnard
157393a2f4 Merge remote-tracking branch 'public/pr/1192' into mbedtls-2.1
* public/pr/1192:
  ssl-opt.sh: support fixed seed for random tests
2017-12-19 12:18:54 +01:00
Manuel Pégourié-Gonnard
329d0904ab Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  Address PR review comments
  Backport 2.1:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:43:10 +01:00