Commit Graph

5116 Commits

Author SHA1 Message Date
Jaeden Amero
478baecc06 Merge remote-tracking branch 'upstream-public/pr/1525' into mbedtls-2.1-proposed 2018-03-28 15:34:25 +01:00
Ivan Krylov
1110a6fa63 Add ChangeLog entry 2018-03-28 17:25:12 +03:00
Ivan Krylov
c501f9cbb9 mbedtls_net_bind: ip_len can be NULL if client_ip is null 2018-03-28 17:21:54 +03:00
Jaeden Amero
8b4cd26eaf Merge remote-tracking branch 'upstream-public/pr/1481' into mbedtls-2.1-proposed 2018-03-28 13:44:28 +01:00
Jaeden Amero
7eaea0b12b Merge remote-tracking branch 'upstream-public/pr/1527' into mbedtls-2.1-proposed
Fixes #1299, fixes #1475 for the 2.1 branch
2018-03-28 12:51:23 +01:00
Gilles Peskine
f362b97415 Add ChangeLog entry
Fixes #1299. Fixes #1475.
2018-03-27 23:22:37 +02:00
Deomid Ryabkov
e42510305f Fix some test deps
* Cert revocation tests require `MBEDTLS_HAVE_TIME_DATE`.
 * Verison features tests require... well, `MBEDTLS_VERSION_FEATURES`, actually.

Fixes https://github.com/ARMmbed/mbedtls/issues/1475
2018-03-27 23:22:34 +02:00
Andres Amaya Garcia
47569d7384 Add ChangeLog entry for PBES2 when ASN1 disabled 2018-03-27 21:34:15 +01:00
Andres Amaya Garcia
748ddda494 Fix test dependencies of pkcs5 pbs2 on asn1 parse 2018-03-27 21:33:07 +01:00
Andres Amaya Garcia
624b557e56 Fix coding style in pkcs5.c preprocessor directives 2018-03-27 21:33:05 +01:00
Marcos Del Sol Vives
a3ee13d199 Compile PBES2 in PKCS5 only if ASN1 is enabled 2018-03-27 21:33:02 +01:00
Andres Amaya Garcia
aa3ff98b1d Fix shared library lookup on Mac OS X when running tests 2018-03-27 20:08:04 +01:00
Andres Amaya Garcia
9b2c5b7202 Make DLEXT var configurable in programs and tests makefiles 2018-03-27 20:08:03 +01:00
Andres Amaya Garcia
bc00667a90 Improve ChangeLog for DLEXT and AR_DASH changes 2018-03-27 20:07:52 +01:00
Andres Amaya Garcia
83bffd353e Add ChangeLog entry for library/makefile changes 2018-03-26 00:15:21 +01:00
Andres Amaya Garcia
b3ac0ff722 Allow overriding ar param prefix in library/Makefile 2018-03-26 00:12:55 +01:00
Andres Amaya Garcia
23e520143d Make DLEXT var configurable in library/Makefile 2018-03-26 00:12:53 +01:00
Gilles Peskine
f22c59bc15 Fix some comments regarding what files are symlinked 2018-03-23 14:38:14 +01:00
Gilles Peskine
eea857dc0d Add ChangeLog entry 2018-03-23 14:38:14 +01:00
Jaeden Amero
f8270e30d9 Merge remote-tracking branch 'upstream-restricted/pr/457' into mbedtls-2.1 2018-03-23 11:16:30 +00:00
Gilles Peskine
d888bd2c65 Add changelog entries for improved testing
Fixes #1040
2018-03-23 02:29:49 +01:00
Gilles Peskine
9a05d1a765 Add missing dependencies in test_suite_x509parse
Found by depends-hashes.pl and depends-pkgalgs.pl.
2018-03-23 02:29:02 +01:00
Gilles Peskine
a19316965d all.sh --keep-going: properly handle multiple-builds scripts
In keep-going mode, if a multiple-builds script fails, record its
status and keep going.
2018-03-23 02:29:00 +01:00
Gilles Peskine
2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00
mohammad1603
cee0890b19 Verify that f_send and f_recv send and receive the expected length
Verify that f_send and f_recv send and receive the expected length

Conflicts:
	ChangeLog
2018-03-22 15:01:02 -07:00
Andres Amaya Garcia
387ff07157 Make matching more robbust in generate_errors.pl 2018-03-22 15:46:22 +01:00
Andres Amaya Garcia
8936ffe66a Ensure that only .h files are parsed in generate_errors.pl 2018-03-22 15:46:21 +01:00
Andres Amaya Garcia
4a91c1a0b5 Change generate_errors.pl to call perl grep
Change the script generate_errors.pl to call the grep function in Perl
instead of calling the external tool grep directly as this causes
problems when ANSI escape sequences are included in the grep output
string.
2018-03-22 15:46:16 +01:00
Andres Amaya Garcia
2a0aee3163 Add ChangeLog entry for redundant mutex initialization optimizations 2018-03-21 17:40:48 +00:00
Gergely Budai
0a91973e4b Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:32:47 +00:00
Paul Bakker
3d72b5d688 Add end guard comment 2018-03-21 15:29:35 +00:00
Embedthis Software
d641260987 Fix single threaded builds 2018-03-21 15:29:01 +00:00
Andres Amaya Garcia
09d787f2fc Add ChangeLog entry for dylib builds using Makefile 2018-03-21 11:24:32 +00:00
Mitsuhiro Nakamura
e00964d9a7 Fix dylib linking 2018-03-21 11:21:59 +00:00
Gilles Peskine
aebcfbb034 all.sh: Verify out-of-tree testing with CMake
Run a test case in ssl-opt.sh to validate that testing works in an
out-of-tree CMake build.
2018-03-21 12:17:20 +01:00
Gilles Peskine
00de2fd3dd all.sh: fix cleanup happening during an out-of-tree build 2018-03-21 12:16:57 +01:00
Gilles Peskine
341ea25724 all.sh: be more conservative when cleaning up CMake artefacts
Only delete things that we expect to find, to avoid deleting other
things that people might have lying around in their build tree.
Explicitly skip .git to avoid e.g. accidentally matching a branch
name.
2018-03-21 12:15:06 +01:00
Gilles Peskine
cd0265ec85 Support out-of-tree testing with CMake
Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh
and compat.sh) works in out-of-tree builds.
2018-03-21 12:12:47 +01:00
Gilles Peskine
37c88db612 all.sh: support armcc path options for compatibility with later Mbed TLS
Use $ARMC5_BIN_DIR or --armc5-bin-dir to set the location of
armcc (version 5), for compatibility with later versions of Mbed TLS.
Ignore --armc6-bin-dir for the same reason, since in 2.1 we only test
with a single version of armcc and we expect version 5. Keep
defaulting to armcc in the $PATH for backward compatibility with the
2.1 branch.
2018-03-21 12:01:20 +01:00
Gilles Peskine
32d9293dcf all.sh: add --no-yotta for compatibility with later Mbed TLS
Allow scripts to run all.sh --no-yotta unconditionally. --no-yotta
just happens to be a no-op in 2.1 since 2.1's all.sh doesn't do
anything with Yotta.
2018-03-21 12:01:12 +01:00
Gilles Peskine
243bb4ce65 all.sh: add opposites to all boolean options
All options can now be overridden by a subsequent option, e.g.
"all.sh --foo --no-foo" is equivalent to "all.sh --no-foo". This
allows making wrapper scripts with default options and occasionally
overriding those options when running the wrapper script.
2018-03-21 10:11:12 +01:00
Gilles Peskine
7efa8cf456 all.sh: option parsing: reduce vertical spread
Only whitespace changes.
2018-03-21 10:04:49 +01:00
Gilles Peskine
823734b96c Robustness fix in mbedtls_ssl_derive_keys
In mbedtls_ssl_derive_keys, don't call mbedtls_md_hmac_starts in
ciphersuites that don't use HMAC. This doesn't change the behavior of
the code, but avoids relying on an uncaught error when attempting to
start an HMAC operation that hadn't been initialized.
2018-03-19 19:06:08 +01:00
mohammad1603
89c12ecfb5 Avoid wraparound on in_left
Avoid wraparound on in_left
2018-03-19 07:15:50 -07:00
Jaeden Amero
1c986a9859 Update version to 2.1.11 2018-03-16 16:29:30 +00:00
Jaeden Amero
7f44963f45 Merge remote-tracking branch 'upstream-public/pr/1455' into mbedtls-2.1-restricted-proposed 2018-03-15 15:24:47 +00:00
Ron Eldor
329e4d572b Addres review comments
Resolves comments raised in the review
2018-03-15 15:09:28 +00:00
Ron Eldor
f71ce5229e Add log and fix stle issues
Address Andres comments of PR
2018-03-15 15:09:28 +00:00
Ron Eldor
82712a9c97 Write correct number of ciphersuites in log
Change location of log, to fit the correct number of used ciphersuites
2018-03-15 15:09:28 +00:00