Commit Graph

5966 Commits

Author SHA1 Message Date
Jaeden Amero
fbeed6e2a5 Merge remote-tracking branch 'upstream-public/pr/1236' into development 2018-01-24 10:43:39 +00:00
Hanno Becker
616d1ca605 Add support for alternative ECJPAKE implementation
This commit allows users to provide alternative implementations of the
ECJPAKE interface through the configuration option MBEDTLS_ECJPAKE_ALT.
When set, the user must add `ecjpake_alt.h` declaring the same
interface as `ecjpake.h`, as well as add some compilation unit which
implements the functionality. This is in line with the preexisting
support for alternative implementations of other modules.
2018-01-24 10:36:22 +00:00
Jaeden Amero
7383062b46 Merge branch 'development' into development-restricted 2018-01-23 18:20:09 +00:00
Jaeden Amero
d1a26f19c9 Merge remote-tracking branch 'upstream-public/pr/1283' into development 2018-01-23 18:18:12 +00:00
Gilles Peskine
342d928e8d Fix proprocessor directives for MBEDTLS_RIPEMD160_ALT 2018-01-23 18:21:21 +01:00
Gilles Peskine
a381fe84ce Add HW_FAILED error codes for message digest modules
New error codes to report failures from alternative implementations of
MD2, MD4, MD5, RIPEMD160, SHA-1, SHA-256, SHA-512.
2018-01-23 18:16:11 +01:00
Jaeden Amero
25facddba4 doxygen: Remove copyright block from Doxygen comments
Remove the copyright block from the Doxygen comments, to clean up the
detailed description in the generated Doxygen output. Also, add \file and
\brief tags to all headers in doxygen/input.
2018-01-23 15:44:39 +00:00
Darryl Green
a40a101e26 Update Doxygen file blocks to remove copyright and license information 2018-01-23 15:44:39 +00:00
Gilles Peskine
2840f945d2 Add definition of inline in md5.h 2018-01-23 11:57:19 +01:00
Gilles Peskine
41b40e6463 Merge remote-tracking branch 'upstream-restricted/pr/441' into development-restricted 2018-01-23 00:59:51 +01:00
Gilles Peskine
aaaa98cd60 Merge branch 'development-proposed' into development-restricted 2018-01-23 00:59:17 +01:00
Gilles Peskine
ff812804fb Merge branch 'pr_1239' into development-proposed 2018-01-23 00:58:13 +01:00
Gilles Peskine
cb1e5eb326 Merge branch 'pr_1000' into development-proposed 2018-01-23 00:57:34 +01:00
Gilles Peskine
550a2b036b Merge branch 'pr_1163' into development-proposed 2018-01-23 00:57:26 +01:00
Gilles Peskine
a79001e5b2 Merge remote-tracking branch 'upstream-public/pr/1167' into development-proposed 2018-01-23 00:57:04 +01:00
Gilles Peskine
50346e9f22 Merge remote-tracking branch 'upstream-public/pr/1150' into development-proposed 2018-01-23 00:56:48 +01:00
Gilles Peskine
7a0c6b8e95 Add ChangeLog entry 2018-01-22 23:16:52 +01:00
Gilles Peskine
26faa11630 Add ChangeLog entry 2018-01-22 23:13:22 +01:00
Gilles Peskine
980d203a6b Add ChangeLog entry 2018-01-22 23:10:53 +01:00
Gilles Peskine
0a96910e55 MD API deprecation: ChangeLog updates
Use the updated names for the new functions (xxx_ret instead of xxx_ext).

List the new deprecations in the appropriate sections.

Credit the independent report of the misuse of zeroizing to reset a
hash context in entropy.c.
2018-01-22 14:55:20 +01:00
Krzysztof Stachowiak
64c3703d13 Adjust exclusion list to the new working directory 2018-01-22 14:32:06 +01:00
Krzysztof Stachowiak
744a4ac672 Run doxygen only if the doxygen directory exists 2018-01-22 13:38:31 +01:00
Gilles Peskine
3e28d70813 New MD API: update version number in deprecation statements 2018-01-22 12:18:59 +01:00
Gilles Peskine
9e4f77c606 New MD API: rename functions from _ext to _ret
The _ext suffix suggests "new arguments", but the new functions have
the same arguments. Use _ret instead, to convey that the difference is
that the new functions return a value.
2018-01-22 11:54:42 +01:00
Gilles Peskine
15932e0cbf Fix typo in deprecation statement 2018-01-22 11:43:45 +01:00
Gilles Peskine
3c9e2b5004 wait_server_start: warn if lsof is not available
If lsof is not available, wait_server_start uses a fixed timeout,
which can trigger a race condition if the timeout turns out to be too
short. Emit a warning so that we know this is going on from the test
logs.
2018-01-22 10:29:24 +01:00
Manuel Pégourié-Gonnard
0d225daf7d Increase waiting times compat.sh and ssl-opt.sh
- Some of the CI machines don't have lsof installed yet, so rely on an sleeping
an arbitrary number of seconds while the server starts. We're seeing
occasional failures with the current delay because the CI machines are highly
loaded, which seems to indicate the current delay is not quite enough, but
hopefully not to far either, so double it.

- While at it, also double the watchdog delay: while I don't remember seeing
  much failures due to client timeout, this change doesn't impact normal
running time of the script, so better err on the safe side.

These changes don't affect the test and should only affect the false positive
rate coming from the test framework in those scripts.
2018-01-22 10:22:09 +01:00
Krzysztof Stachowiak
a0188d6730 Have doxygen run in the doxygen directory
When the Doxywizzard GUI is used and the doxyfile is loaded, the
workind directory for doxygen is set to the location of the doxyfile.
However the Make and CMake build systems expect doxygen to be ran
from the top level directory.
This commit unifies the build system and the Doxywizzard GUI so that
all of them expect doxygen to be executed in the doxygen directory.
2018-01-19 16:21:18 +01:00
Gilles Peskine
d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Gilles Peskine
d40c22ba20 Merge branch 'development' into development-restricted 2018-01-17 08:03:33 +01:00
Gilles Peskine
297d7535fb Merge branch 'pr_1078' into development 2018-01-17 08:02:44 +01:00
Gilles Peskine
5098400d71 Add ChangeLog entry 2018-01-17 08:01:37 +01:00
Hanno Becker
87ae197f3e Add explicit uint truncation casts
This commit adds some explicit downcasts from `size_t` to `uint8_t` in
the RSASSA signature encoding function `rsa_rsassa_pkcs1_v15_encode`.
The truncation is safe as it has been checked beforehand that the
respective values are in the range of a `uint8_t`.
2018-01-15 15:27:56 +00:00
Hanno Becker
71b0060af7 Merge branch 'development' into iotssl-247 2018-01-15 11:31:34 +00:00
Jaeden Amero
91d49e8b6a ChangeLog: Use Steven Cooreman's correct name 2018-01-12 13:48:55 +00:00
Jaeden Amero
31f3f0b87b Merge branch 'development' into development-restricted 2018-01-10 13:17:02 +00:00
Jaeden Amero
b8ab22f646 Merge remote-tracking branch 'upstream-public/pr/1265' into development 2018-01-10 13:07:38 +00:00
Hanno Becker
997e2184c5 Adapt ChangeLog 2018-01-10 10:41:39 +00:00
Hanno Becker
adb0b2e935 Update Visual Studio project files
This commit updates the Visual Studio project file
`visualc/VS2010/mbedTLS.vcxproj` to add the newly
introduced `rsa_internal.h` and `rsa_internal.c`.
2018-01-10 10:41:00 +00:00
Hanno Becker
d4d60579e4 Address issues found by coverity
1) `mbedtls_rsa_import_raw` used an uninitialized return
   value when it was called without any input parameters.
   While not sensible, this is allowed and should be a
   succeeding no-op.

2) The MPI test for prime generation missed a return value
   check for a call to `mbedtls_mpi_shift_r`. This is neither
   critical nor new but should be fixed.

3) Both the RSA keygeneration example program and the
   RSA test suites contained code initializing an RSA context
   after a potentially failing call to CTR DRBG initialization,
   leaving the corresponding RSA context free call in the
   cleanup section of the respective function orphaned.
   While this defect existed before, Coverity picked up on
   it again because of newly introduced MPI's that were
   also wrongly initialized only after the call to CTR DRBG
   init. The commit fixes both the old and the new issue
   by moving the initializtion of both the RSA context and
   all MPI's prior to the first potentially failing call.
2018-01-10 07:30:47 +00:00
nirekh01
d569ecfc2c Add some corrections based on code review
-Add the DHM_ALT in an alphabetical order
-Close correctly the 'extern "C" { ...'
2018-01-09 16:43:21 +00:00
Jaeden Amero
f342cb791b Merge branch 'development' into development-restricted 2018-01-09 13:16:37 +00:00
Manuel Pégourié-Gonnard
239987fd31 Fix heap-buffer overread in ALPN ext parsing 2018-01-09 13:48:38 +01:00
Jaeden Amero
0bc9e30435 Merge remote-tracking branch 'upstream-public/pr/1060' into development 2018-01-09 12:20:54 +00:00
Jaeden Amero
7de0b8aae7 Merge remote-tracking branch 'upstream-public/pr/1046' into development 2018-01-09 11:31:55 +00:00
Jaeden Amero
35285cca67 Merge remote-tracking branch 'upstream-public/pr/1027' into development 2018-01-09 10:42:03 +00:00
Hanno Becker
d485c319a5 Make small corrections to all.sh
Correct gcc flags in !MBEDTLS_SSL_CLI_C test (preexisting) and build and test
for RSA_NO_CRT in ASan mode.
2018-01-05 13:03:53 +00:00
Hanno Becker
3a760a1857 Add size check for RSA modulus to mbedtls_rsa_complete
The function `mbedtls_rsa_complete` is supposed to guarantee that
RSA operations will complete without failure. In contrast, it does
not ensure consistency of parameters, which is the task of the
checking functions `rsa_check_pubkey` and `rsa_check_privkey`.

Previously, the maximum allowed size of the RSA modulus was checked
in `mbedtls_rsa_check_pubkey`. However, exceeding this size would lead
to failure of some RSA operations, hence this check belongs to
`mbedtls_rsa_complete` rather than `mbedtls_rsa_check_pubkey`.
This commit moves it accordingly.
2018-01-05 08:14:49 +00:00
Hanno Becker
895c5ab88e Preserve old behavior by checking public key in RSA parsing function
The function `pk_get_rsapubkey` originally performed some basic
sanity checks (e.g. on the size of public exponent) on the parsed
RSA public key by a call to `mbedtls_rsa_check_pubkey`.
This check was dropped because it is not possible to thoroughly
check full parameter sanity (i.e. that (-)^E is a bijection on Z/NZ).

Still, for the sake of not silently changing existing behavior,
this commit puts back the call to `mbedtls_rsa_check_pubkey`.
2018-01-05 08:08:09 +00:00
Hanno Becker
efeef6cf03 Correct typo in bignum.h 2018-01-05 08:07:47 +00:00