Gilles Peskine
b72df54f9b
Merge pull request #2840 from k-stachowiak/check-bounds-of-test-intex-in-suites
...
Add lower bound check to function index lookup
2020-04-20 15:19:55 +02:00
Gilles Peskine
5a2710e9af
Merge pull request #3120 from gilles-peskine-arm/check-windows-files
...
Check Windows files for sanity as well
2020-04-20 13:59:27 +02:00
Gilles Peskine
23352a39a9
Merge pull request #3177 from mpg/fix-overflow-benchmark-dev
...
Fix arithmetic overflow in benchmark
2020-04-20 12:02:45 +02:00
Gilles Peskine
bb6b163cb0
Merge pull request #3162 from mpg/sort-lists
...
Improve formatting of lists in Makefile, CMakeLists.txt and .gitignore
2020-04-20 10:16:32 +02:00
Gilles Peskine
5c34ee14d3
Merge pull request #3118 from gilles-peskine-arm/pylint-up-to-2.4-development
...
Pass Pylint up to 2.4
2020-04-20 09:47:40 +02:00
Manuel Pégourié-Gonnard
6ff11895f4
Sort lists in .gitignore files
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:58:54 +02:00
Manuel Pégourié-Gonnard
6f830251a1
Sort lists in CMakeLists.txt files
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:58:54 +02:00
Manuel Pégourié-Gonnard
10a5b535f1
Sort lists in Makefiles and have one item per line
...
A file generated based on the output of `make list` from programs has been
re-generated.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:57:50 +02:00
Manuel Pégourié-Gonnard
5edd388da0
Get rid of a magic value in benchmark.c
...
Also update its value while at it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-04-17 11:28:25 +02:00
Gilles Peskine
5f69cbe2cc
Merge pull request #3155 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix
...
Unmet dependencies buffer overflow fix
2020-04-17 10:08:14 +02:00
Jaeden Amero
31f4cd9de2
Merge pull request #3192 from AndrzejKurek/max_pathlen_overflow
...
Guard from undefined behaviour in case of an INT_MAX max_pathlen
2020-04-16 16:29:44 +01:00
Jaeden Amero
ed9e4779ab
Merge pull request #3127 from piotr-now/ssl_base64_dump
...
Add program for deserializing from base64 code
2020-04-16 12:00:25 +01:00
Piotr Nowicki
9978e6ee14
Add tests for the ssl_context_info program
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-15 16:21:36 +02:00
Andrzej Kurek
1605074f97
Guard from undefined behaviour in case of an INT_MAX max_pathlen
...
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-15 06:15:45 -04:00
Janos Follath
a18c4f35c9
Merge pull request #686 from ARMmbed/merge-2.22.0-release-to-development
...
Merge 2.22.0 release to development
2020-04-14 16:21:53 +01:00
Piotr Nowicki
97dcb1c8f2
Add required configuration to the ssl_context_info
...
Required:
MBEDTLS_X509_CRT_PARSE_C
MBEDTLS_ERROR_C
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:48 +02:00
Piotr Nowicki
02cc3fb070
Add dynamic buffer allocation and size checking
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:48 +02:00
Piotr Nowicki
bc876d4516
Rename program 'ssl_base64_dump' to 'ssl_context_info'
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:48 +02:00
Piotr Nowicki
f86192f72a
Add support for Microsoft Visual Studio
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:48 +02:00
Piotr Nowicki
e5fa8b7cdf
Add certificate printing
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 16:40:42 +02:00
Manuel Pégourié-Gonnard
5d318cc22b
Merge pull request #3130 from gbryant-arm/generic-psk
...
Clarify and simplify PSK
2020-04-14 10:54:01 +02:00
Piotr Nowicki
4e192000fa
Add session deserializing (not completed)
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
ab3ecd8ac2
Print more information and add TODOs
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
6b2baf99f1
Print mbedtls version and configuration
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
c7d681c5bd
Add base64 code decoding
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
6842c9bde8
Add printing the read base64 code
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
14d3105f78
Add reading base64 code from file
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
88ebbbf0fe
Add function for parsing arguments
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki
9370f90d46
Initial work on the ssl dump program from base64 code
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Janos Follath
ac15f842a5
Merge remote-tracking branch 'restricted/pr/684' into mbedtls-2.22.0r0
2020-04-14 08:16:27 +01:00
Gilles Peskine
e0c84ac4d2
Pylint: explicitly note why we're doing an unchecked subprocess.run
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:23:22 +02:00
Gilles Peskine
1759602b29
Pylint: silence locally-disabled/enabled messages
...
If we disable or enable a message locally, it's by design. There's no
need to clutter the Pylint output with this information.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:23:22 +02:00
Gilles Peskine
7747efce14
Pylint: allow using pass even when not strictly necessary
...
If we take the trouble of using pass, it's because we think the code
is clearer that way. For example, Pylint 2.4 rejects pass in
def foo():
"""Do nothing."""
pass
But relying on a docstring as the sole code is weird, hence the use of
pass.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:23:22 +02:00
Gilles Peskine
8b022359e8
Pylint: minor code simplifications
...
Simplify the code in minor ways. Each of this changes fixes a warning
from Pylint 2.4 that doesn't appear with Pylint 1.7.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:23:22 +02:00
Gilles Peskine
184c096e95
Pylint: abide by useless-object-inheritance warnings
...
Inheriting from object is a remainder of Python 2 habits and is just
clutter in Python 3.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:23:22 +02:00
Gilles Peskine
dd4c1c6fe7
mbedtls_test.py: drop compatibility with Python 2
...
Python 2 is no longer supported upstream. Actively drop compatibility
with Python 2.
Removing the inheritance of a class on object pacifies recent versions
of Pylint (useless-object-inheritance).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:23:22 +02:00
Gilles Peskine
aaee444c68
Document more methods in Python scripts
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-11 20:23:22 +02:00
Gilles Peskine
e62bdefce1
Merge pull request #3181 from gilles-peskine-arm/basic-build-test-status-with-deprecated
...
Fix failure detection and failures in basic-build-test.sh with SSL3 in basic-build-test
2020-04-10 15:07:01 +02:00
Gilles Peskine
c877c24ed0
Enable extra features that have tests
...
The "full" configuration excludes some deprecated or experimental
features. Enable the ones that have tests, don't have extra
requirements and don't turn off some other feature.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-10 11:33:52 +02:00
Gilles Peskine
b3d0bab10b
MBEDTLS_MEMORY_BACKTRACE is no longer included in the full config
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-10 11:33:52 +02:00
Gilles Peskine
40be51ffe3
Add a few echo statements to make the logs easier to follow
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-10 11:33:50 +02:00
Gilles Peskine
bfcb6e16ab
Create a large enough seedfile
...
The seedfile needs to have the size of the entropy accumulator, which
is 64 bytes (512 bits) since the entropy accumulator uses SHA-512 and
the seed size needs to be the same as the hash output (or larger).
We used to enable MBEDTLS_ENTROPY_FORCE_SHA256 in the full config, so
the entropy accumulator was 256 bits (32 bytes), and therefore a
32-byte seedfile worked. But we no longer turn on this option in the
full config, so the 32-byte seedfile no longer works.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-10 11:30:09 +02:00
Gilles Peskine
5757d54261
If 'make lcov' failed, exit immediately
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-10 11:30:02 +02:00
Gilles Peskine
ca51b474dc
Note that we keep going even if some tests fail
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-10 11:30:00 +02:00
Gilles Peskine
6d6ee98c14
Exit with a failure status if some tests failed
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-09 18:28:14 +02:00
Janos Follath
105c99624a
Merge pull request #681 from ARMmbed/prepare-rc-2.22.0-updated
...
Prepare rc 2.22.0 updated
2020-04-09 14:12:10 +01:00
Jaeden Amero
66e21efe47
Merge pull request #3163 from AndrzejKurek/variable-buffers-renegotiation
...
Variable buffers & renegotiation - fixes
2020-04-09 12:11:02 +01:00
Manuel Pégourié-Gonnard
28482397d3
Merge branch 'development-restricted' into prepare-rc-2.22.0-updated
...
* development-restricted:
Parse HelloVerifyRequest buffer overread: add changelog entry
Parse HelloVerifyRequest: avoid buffer overread at the start
Parse HelloVerifyRequest: avoid buffer overread on the cookie
2020-04-09 12:17:11 +02:00
Manuel Pégourié-Gonnard
215d2e14a3
Merge remote-tracking branch 'restricted/pr/662' into development-restricted
...
* restricted/pr/662:
Parse HelloVerifyRequest buffer overread: add changelog entry
Parse HelloVerifyRequest: avoid buffer overread at the start
Parse HelloVerifyRequest: avoid buffer overread on the cookie
2020-04-09 11:53:01 +02:00
Janos Follath
940bc0048c
Add missing ChangeLog entry
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-09 09:34:47 +01:00