Commit Graph

10086 Commits

Author SHA1 Message Date
Janos Follath
4c987e2c83
Merge pull request #2993 from yanesca/bump-version-2.20.0
Bump version to Mbed TLS 2.20.0
2020-01-28 11:31:57 +00:00
Manuel Pégourié-Gonnard
042c5e4217
Merge pull request #3000 from gilles-peskine-arm/changelog-2.20.0
Add changelog entries for the crypto changes in 2.20.0
2020-01-28 09:38:30 +01:00
Janos Follath
4c736fb6a8 Update Mbed Crypto SO version
The recent update changed the Mbed Crypto SO version, get Mbed TLS in
sync.
2020-01-27 16:37:14 +00:00
Janos Follath
ceceedb532 Update Mbed Crypto to 3.0.1 2020-01-27 16:23:55 +00:00
Gilles Peskine
e3b285d2c8 Add crypto security fixes merged after mbedcrypto-3.0.0 2020-01-27 14:24:19 +01:00
Gilles Peskine
50f577067c Fix GitHub repository indications for crypto changes in 2.20
The content was originally written for mbed-crypto. Change pull
request references to be relative to mbedtls instead.
2020-01-22 19:02:59 +01:00
Gilles Peskine
8c7d2c25a4 Remove markdown artifacts 2020-01-22 19:02:09 +01:00
Gilles Peskine
6a4c340c36 Add changelog entries for the crypto changes in 2.20.0
Describe changes between mbedcrypto-2.0.0 (version in Mbed TLS 2.19.0)
and mbedcrypto-3.0.0 (version in Mbed TLS 2.20.0).
2020-01-22 18:28:24 +01:00
Janos Follath
83f33d33eb Bump version to Mbed TLS 2.20.0 2020-01-20 14:52:29 +00:00
Jaeden Amero
dbcb44202c Update Mbed Crypto to 3.0.0 2020-01-15 18:08:44 +00:00
Jaeden Amero
d56a2af3f8 Add date to ChangeLog for 2.20.0 release 2020-01-15 18:07:20 +00:00
Janos Follath
dbd3304e8f Merge branch 'development' into development-restricted 2020-01-15 16:06:15 +00:00
Jaeden Amero
252faff19f
Merge pull request #2966 from dgreen-arm/fix-pylint-warnings
Sideport: Fix some pylint warnings
2019-12-20 16:07:07 +00:00
Darryl Green
fb5faa2582 Fix some pylint warnings
Add docstrings where they were missing and fix a too-long line
2019-12-20 15:14:59 +00:00
Jaeden Amero
ccdeb47cdf
Merge pull request #2958 from yanesca/iotcrypt-942-initialise-return-values
Initialize return values to an error
2019-12-19 11:33:03 +00:00
Janos Follath
73c616bdc1 Put includes in alphabetical order
The library style is to start with the includes corresponding to the
current module and then the rest in alphabetical order. Some modules
have several header files (eg. ssl_internal.h).

The recently added error.h includes did not respect this convention and
this commit restores it. In some cases this is not possible just by
moving the error.h declarations. This commit fixes the pre-existing
order in these instances too.
2019-12-19 10:27:57 +00:00
Janos Follath
df587ee6d6 Remove duplicate include statement
Now that the Error module has error codes as well and is processed by
the generate_errors script like any other module, we don't need to
include the header manually.
2019-12-19 10:27:57 +00:00
Janos Follath
d8752858fc Update crypto submodule 2019-12-19 10:27:04 +00:00
Jaeden Amero
40f923ecf7
Merge pull request #2961 from RonEld/update_readme_to_vs_2012
Update the VS version in the Readme file
2019-12-18 13:43:05 +00:00
Ron Eldor
05b44892c0 Change the version of VS
Change the miniaml version to the correct one - 2013. Revet the
VS version in the tests to 2010, since the solution file
hasn't been updated yet.
2019-12-18 14:28:18 +02:00
Ron Eldor
c5074be0ce Update the VS version in the Readme file
Update the VS version in the README file to 2012, as this is the
minimal version supported.
2019-12-18 14:00:13 +02:00
Janos Follath
865b3ebf84 Initialize return values to an error
Initializing the return values to an error is best practice and makes
the library more robust against programmer errors.
2019-12-16 15:15:16 +00:00
Janos Follath
2d20567122 Add two error codes to the Error module
One of the error codes was already reserved, this commit just makes it
explicit. The other one is a new error code for initializing return
values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should
not be returned by the library. If it is returned, then it is surely a
bug in the library or somebody is tampering with the device.
2019-12-16 15:15:16 +00:00
Janos Follath
ab534cfd62 Fix number of allocated errors in Platform 2019-12-12 14:34:30 +00:00
Jaeden Amero
88d1c05644
Merge pull request #2953 from gilles-peskine-arm/update-crypto-20191206
Update crypto submodule
2019-12-12 12:17:11 +00:00
Jaeden Amero
caf88ff8f5
Merge pull request #2938 from yanesca/iotssl-2954-custom-io-unit-test
Mock TCP sockets and callbacks for SSL unit tests
2019-12-10 09:49:59 +00:00
Jaeden Amero
1a61d455e9
Merge pull request #2841 from k-stachowiak/improve-memory-operation-clarity
Improve clarity of a memory operation call
2019-12-09 19:54:29 +02:00
Janos Follath
c673c2cd44 Break up the ssl_mock_tcp unit test
Break the test up to three different tests for the sake of
better readability and maintainability.
2019-12-09 09:10:21 +00:00
Janos Follath
3766ba50de Add non-blocking mock TCP callbacks to SSL tests 2019-12-09 09:10:21 +00:00
Janos Follath
031827feba Add mbedtls_mock_socket to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This socket implementation uses
two ring buffers to mock the transport layer.
2019-12-09 09:10:14 +00:00
Gilles Peskine
5af2941fff Update crypto submodule
* #321: Replace config.pl by config.py
* #322: Update Mbed Crypto with latest Mbed TLS changes as of 2019-11-15
* #308: Small performance improvement of mbedtls_mpi_div_mpi()
* #324: test_psa_constant_names: support key agreement, better code structure
* #320: Link to the PSA crypto portal page from README.md
* #293: Always gather MBEDTLS_ENTROPY_BLOCK_SIZE bytes of entropy
* #310: Clarify test descriptions in test_suite_memory_buffer_alloc
* #307: Add ASN.1 ENUMERATED tag support
* #328: Remove dependency of crypto_values.h on crypto_extra.h
* #325: Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash

Missed listing in the previous submodule update:

* #304: Make sure Asan failures are detected in 'make test'
2019-12-06 20:30:42 +01:00
Gilles Peskine
a78acf1c6f
Merge pull request #2935 from gilles-peskine-arm/config_py-pl_error_clarity
config.pl: If python3 fails, make it clear that this isn't fatal
2019-12-06 10:09:35 +01:00
Janos Follath
6264e66ba4 Add mbedtls_test_buffer to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This ring buffer implementation will
serve as the said connection.
2019-12-06 07:23:49 +00:00
Janos Follath
512fe9673f Fix test assert macro calls
The assert() macro in test is not available anymore. It is superseeded
by TEST_HELPER_ASSERT().
2019-11-29 10:13:32 +00:00
Gilles Peskine
6608e71032 Change ASSERT_ALLOC to take a size in elements, not bytes
`ASSERT_ALLOC(p, length)` now allocates `length` elements, i.e.
`length * sizeof(*p)` bytes.
2019-11-29 10:13:32 +00:00
Gilles Peskine
28405300ee New macro ASSERT_ALLOC to allocate memory in tests
The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and
fails the test if the allocation fails. It outputs a null pointer if
the requested size is 0. It is meant to replace existing calls to
mbedtls_calloc.
2019-11-29 10:13:32 +00:00
Gilles Peskine
987e271b16 If python3 fails, make it clear that this isn't fatal 2019-11-26 13:30:16 +01:00
Gilles Peskine
df78e496b7 Error out rather than call python on the perl script 2019-11-26 13:30:00 +01:00
Jaeden Amero
5f0ccd5a3c
Merge pull request #2931 from piotr-now/memory-info
Avoid allocating 0-length buffers for PSK. Add memory debug information to ssl_client2.
2019-11-25 15:57:22 +00:00
Piotr Nowicki
7d01ef6562 Added buffer-based mbedtls allocator support to ssl_client2 2019-11-25 15:52:48 +01:00
Piotr Nowicki
9926eaf695 Do not allow configuring zero-length PSK
fix error when calloc is called with size 0
2019-11-25 15:49:53 +01:00
Jaeden Amero
b37886935e Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Remove unused test data file
  Remove component designed to test MAX_SIGNATURE_SIZE
  Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in pkey sample programs
  Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in X.509
  Update crypto submodule
  x509write_csr: Reduce stack usage of mbedtls_x509write_csr_pem()
  Fix mbedtls_ssl_check_record usage with ext buf
  Shorter version of mbedtls_ssl_send_fatal_handshake_failure
  Resolve #2801 - remove repetitive assignment to ssl->in_msg (the first value was never used)
  Resolve #2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined
  Resolve #2717 - remove erroneous sizeof (the operator was applied to constant integer number)
  Fix potential resource leak in sslserver2 example
  X.509: Add numerous negative parsing tests for CertificatePolicy ext
  X.509: Adapt negative parsing test for no data in CrtPolicy ext
  X.509: Move negative tests for CertificatePolicy parsing
  X.509: Remove CRT policy parsing test 'bool len missing'
2019-11-22 10:27:25 +00:00
Jaeden Amero
67ab98dcc0 Merge remote-tracking branch 'restricted/pr/661' into development-restricted
* restricted/pr/661:
  Fix buffer size in an AES example
2019-11-22 10:26:08 +00:00
Jaeden Amero
5d74241b54 Merge remote-tracking branch 'origin/pr/2854' into development
* origin/pr/2854:
  Shorter version of mbedtls_ssl_send_fatal_handshake_failure
  Resolve #2801 - remove repetitive assignment to ssl->in_msg (the first value was never used)
  Resolve #2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined
  Resolve #2717 - remove erroneous sizeof (the operator was applied to constant integer number)
2019-11-22 10:20:19 +00:00
Jaeden Amero
ed7b8b73ad
Merge pull request #2868 from k-stachowiak/fix-resource-leak-in-ssl-example
Fix potential resource leak in sslserver2 example
2019-11-22 09:57:32 +00:00
Jaeden Amero
61c8a371e0
Merge pull request #2836 from hanno-arm/x509_crt_policies_tests
X.509: Enhance negative testing for CertificatePolicy extension
2019-11-20 15:45:57 +00:00
Jaeden Amero
4ebb782578
Merge pull request #2926 from gilles-peskine-arm/pk_signature_max_size-tls-rm_521
Remove unused test data file
2019-11-15 09:43:06 +00:00
Gilles Peskine
43259ce31e Remove unused test data file
Since "Remove component designed to test MAX_SIGNATURE_SIZE",
secp521r1_prv.der is no longer used.

ec_521_prv.pem can be used for the same purpose.
2019-11-14 19:14:40 +01:00
Jaeden Amero
df8185eae3
Merge pull request #2923 from Patater/reduce-ram-pem-csr
x509write_csr: Reduce stack usage of mbedtls_x509write_csr_pem()
2019-11-14 16:39:48 +00:00
Gilles Peskine
b9b5f493d3
Merge pull request #2920 from gilles-peskine-arm/pk_signature_max_size-tls
Use MBEDTLS_PK_SIGNATURE_MAX_SIZE
2019-11-14 10:22:32 +01:00