Commit Graph

9045 Commits

Author SHA1 Message Date
Hanno Becker
74f1d4b6cc Extend negative testing for X.509 Subject parsing 2019-06-18 17:28:54 +01:00
Hanno Becker
f3ca578a73 Extend negative testing for X.509 Validity parsing 2019-06-18 17:28:54 +01:00
Hanno Becker
f59cd6b020 Extend negative testing for X.509 Issuer parsing 2019-06-18 17:28:54 +01:00
Hanno Becker
d4b6daf70a Extend negative testing for X.509 AlgorithmIdentifier parsing 2019-06-18 17:28:54 +01:00
Hanno Becker
1a0d3740b9 Extend negative testing for X.509 Serial number parsing 2019-06-18 17:28:54 +01:00
Hanno Becker
baf32b8cea Extend negative testing for X.509 Version parsing 2019-06-18 17:28:54 +01:00
Hanno Becker
d6ea7252db Extend negative testing for X.509 TBS header parsing 2019-06-18 17:28:54 +01:00
Simon Butcher
f2ef573f2b Merge remote-tracking branch 'origin/pr/598' into baremetal 2019-06-18 15:00:02 +01:00
Simon Butcher
f1ff74574d Merge remote-tracking branch 'origin/pr/597' into baremetal 2019-06-18 14:58:37 +01:00
Simon Butcher
2ad7186a51 Merge remote-tracking branch 'origin/pr/575' into baremetal 2019-06-18 14:57:08 +01:00
Simon Butcher
0c7e36ccf8 Merge remote-tracking branch 'origin/pr/572' into baremetal 2019-06-18 14:56:13 +01:00
Manuel Pégourié-Gonnard
31ae7facb3 Add test for build warnings with baremetal.h 2019-06-18 12:03:51 +02:00
Manuel Pégourié-Gonnard
e83b2c2a50 Fix unused variable warnings in pkparse.c
In a reduced configuration without PEM, PKCS5 or PKCS12, armc5 found that ret
was set but not used. Fixing that lead to a new warning about the variable not
being used at all. Now the variable is only declared when it's needed.
2019-06-18 11:31:59 +02:00
Manuel Pégourié-Gonnard
070f107a61 Add --check option to scripts/baremetal.sh
Only effective together with --rom, makes two changes:
- abort in case of build warnings
- skip writing statistics

The goal is to make sure we build cleanly in the configuration used for
measuring code size, with all the compilers we use, both because we care about
that configuration and those compilers, and because any warnings would cast a
shadow on the code size measurements.

Currently the build fails with armc5 due to a pre-existing warning in PK, this
will be fixed in the next commit.

The next commit will also add an all.sh component to make sure we have no
regression in the future. (Which is the motivation for --check skipping
statistics: an all.sh component should probably not leave files around.)

While at it, fix two things:

1. The call to gcc --version was redundant with the echo line below
2. WARNING_CFLAGS shouldn't be overriden with armclang, as it would remove the
-Wall -Wextra and any directory-specific warning (such as
-Wdeclaration-after-statement in library). It's meant to be overriden only
with compilers that don't accept the default value (namely armc5 here).
2019-06-18 11:28:59 +02:00
Manuel Pégourié-Gonnard
889bbc70b6 Fix unreachable code warnings with armc5
Some TLS-only code paths were not protected by an #ifdef and while some
compiler are happy to just silently remove them, armc5 complains:

Warning:  #111-D: statement is unreachable

Let's make armc5 happy.
2019-06-18 10:56:09 +02:00
Manuel Pégourié-Gonnard
19e8132e1e Add NO_TLS to configs/baremetal.h
Was missed for some reason in commit ba8b1eb5d9
2019-06-18 10:54:25 +02:00
Jarno Lamsa
8b2608b6c2 Fix style issues 2019-06-18 11:50:11 +03:00
Jarno Lamsa
29a15c2de5 Set timer callbacks with serialization 2019-06-18 11:50:11 +03:00
Jarno Lamsa
85c238018e Fix spacing 2019-06-18 11:50:11 +03:00
Jarno Lamsa
034ae84601 Fix compiler warnings 2019-06-18 11:50:11 +03:00
Jarno Lamsa
8a91c0650a Add tests for re-init flow for context serialization 2019-06-18 11:50:11 +03:00
Jarno Lamsa
b5ff6a4ced Add option for ssl-context re-initialization flow 2019-06-18 11:50:11 +03:00
Jarno Lamsa
bff4a91827 Fix spacing 2019-06-18 11:50:11 +03:00
Jarno Lamsa
f4f8ed7e82 Allow stub implementation of the context_save for now 2019-06-18 11:50:11 +03:00
Jarno Lamsa
5737ec97a6 Address review comments for code-style issues 2019-06-18 11:50:11 +03:00
Jarno Lamsa
38061f4a17 Remove mbedtls_ssl_free() and mbedtls_ssl_init() from serialization flow in test 2019-06-18 11:50:11 +03:00
Jarno Lamsa
cc281b8a54 ssl-opt.sh tests for serialization are currently using stub implementation 2019-06-18 11:50:11 +03:00
Jarno Lamsa
dcfc2a7364 Add missing slashes to tests 2019-06-18 11:50:11 +03:00
Jarno Lamsa
fa45e6005e Add serialization tests to ssl-opt.sh 2019-06-18 11:50:11 +03:00
Jarno Lamsa
cf1b6724c9 Use MBEDTLS_SSL_CONTEXT_SERIALIZATION flag 2019-06-18 11:50:11 +03:00
Jarno Lamsa
f457293b57 Serialize/deserialize for ssl_server2 2019-06-18 11:50:11 +03:00
Jarno Lamsa
654e8de163 Rely on opt.exchanges for sending after serialization 2019-06-18 11:50:11 +03:00
Jarno Lamsa
d736d08618 Serialization/deserialization in ssl_client2 2019-06-18 11:50:11 +03:00
Jarno Lamsa
0ea3cfe5bf Add option for serialization in ssl_client/server2 2019-06-18 11:50:11 +03:00
Manuel Pégourié-Gonnard
11d3282f5a Add a ChangeLog entry. 2019-06-18 10:34:15 +02:00
Manuel Pégourié-Gonnard
c84511fb1f Add check for undocumented positive option 2019-06-18 10:32:25 +02:00
Manuel Pégourié-Gonnard
41efa2109e Improve documentation of PROTO_NO_TLS 2019-06-18 10:28:52 +02:00
Manuel Pégourié-Gonnard
7667afd4fc Clarify documentation of mbedtls_ssl_context_load() 2019-06-18 10:09:27 +02:00
Manuel Pégourié-Gonnard
cc71c77b5d Fix typos, grammar and wording in documentation 2019-06-18 10:09:27 +02:00
Manuel Pégourié-Gonnard
d87601e3ef Declare and document ssl_context_save()/load()
Also introduce stub definitions so that things compile and link.
2019-06-18 10:09:27 +02:00
Manuel Pégourié-Gonnard
91fa5bade3 Add new config MBEDTLS_SSL_CONTEXT_SERIALIZATION
This is enabled by default as we generally enable things by default unless
there's a reason not to (experimental, deprecated, security risk).

We need a compile-time option because, even though the functions themselves
can be easily garbage-collected by the linker, implementing them will require
saving 64 bytes of Client/ServerHello.random values after the handshake, that
would otherwise not be needed, and people who don't need this feature
shouldn't have to pay the price of increased RAM usage.
2019-06-18 10:09:27 +02:00
Hanno Becker
1abb159e90 Merge branch 'mbedtls-2.16' into baremetal 2019-06-18 09:00:37 +01:00
Simon Butcher
c725e4b34e Merge remote-tracking branch 'origin/pr/590' into baremetal 2019-06-17 17:57:26 +01:00
Simon Butcher
01a8eb21d3 Merge remote-tracking branch 'origin/pr/585' into baremetal 2019-06-17 17:53:41 +01:00
Simon Butcher
c107850c2c Merge remote-tracking branch 'origin/pr/580' into baremetal 2019-06-17 17:48:06 +01:00
Simon Butcher
62d03b2779 Merge remote-tracking branch 'origin/pr/577' into baremetal 2019-06-17 17:46:32 +01:00
Manuel Pégourié-Gonnard
ba8b1eb5d9 Use negated option for controlling TLS support.
A positive option looks better, but comes with the following compatibility
issue: people using a custom config.h that is not based on the default
config.h and need TLS support would need to manually change their config in
order to still get TLS.

Work around that by making the public option negative. Internally the positive
option is used, though.

In the future (when preparing the next major version), we might want to switch
back to a positive option as this would be more consistent with other options
we have.
2019-06-17 15:26:34 +02:00
Jaeden Amero
418e7611f6 Merge remote-tracking branch 'origin/pr/2484' into mbedtls-2.16
* origin/pr/2484:
  Correct placement of ChangeLog entry
  Improve documentation of mbedtls_x509_get_ext()
  Adapt ChangeLog
  Always return a high-level error code from X.509 module
  Obey bounds of ASN.1 substructures
2019-06-14 15:28:42 +01:00
Jaeden Amero
8f27b4455c Merge remote-tracking branch 'origin/pr/2695' into mbedtls-2.16
* origin/pr/2695:
  UDP proxy: Don't attempt to dissect dgram into records when dropping
2019-06-14 08:55:47 +01:00
Jaeden Amero
342223e72c Merge remote-tracking branch 'origin/pr/2676' into mbedtls-2.16
* origin/pr/2676:
  Show removed symbols in abi check
2019-06-14 08:54:50 +01:00