Commit Graph

7154 Commits

Author SHA1 Message Date
junyeonLEE
316b162ac3 Separate psk and psk_identity buffers free
Sometimes, psk_identity buffer can't released because psk buffer is NULL.
So, separate it.
2018-03-21 14:15:28 +00:00
Gilles Peskine
0114ffc76b all.sh: Verify out-of-tree testing with CMake
Run a test case in ssl-opt.sh to validate that testing works in an
out-of-tree CMake build.
2018-03-21 12:29:20 +01:00
Gilles Peskine
a71d64c74f all.sh: fix cleanup happening during an out-of-tree build 2018-03-21 12:29:15 +01:00
Gilles Peskine
31b07e2833 all.sh: be more conservative when cleaning up CMake artefacts
Only delete things that we expect to find, to avoid deleting other
things that people might have lying around in their build tree.
Explicitly skip .git to avoid e.g. accidentally matching a branch
name.
2018-03-21 12:29:08 +01:00
Gilles Peskine
8405257035 Support out-of-tree testing with CMake
Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh
and compat.sh) works in out-of-tree builds.
2018-03-21 12:28:59 +01:00
Andres Amaya Garcia
8e0e16032d Add ChangeLog entry for dylib builds using Makefile 2018-03-21 11:15:08 +00:00
Mitsuhiro Nakamura
5ff2ee51e9 Fix dylib linking 2018-03-21 11:10:59 +00:00
Gilles Peskine
38d8165865 all.sh: add opposites to all boolean options
All options can now be overridden by a subsequent option, e.g.
"all.sh --foo --no-foo" is equivalent to "all.sh --no-foo". This
allows making wrapper scripts with default options and occasionally
overriding those options when running the wrapper script.
2018-03-21 08:40:26 +01:00
Gilles Peskine
8a244c90a8 all.sh: option parsing: reduce vertical spread
Only whitespace changes.
2018-03-21 08:39:32 +01:00
Gilles Peskine
262329603d all.sh: with --no-armcc, don't call armcc from output_env.sh
When not running armcc, don't try to invoke armcc at all, not even to
report its version.
2018-03-21 08:35:07 +01:00
Krzysztof Stachowiak
c0b13f7f0c Update change log 2018-03-20 14:10:15 +01:00
Krzysztof Stachowiak
bc231cc9b0 Add a missing buffer size check 2018-03-20 14:09:53 +01:00
Krzysztof Stachowiak
bc145f7978 Correct buffer size check
Further in the code the next field from the binary buffer is read. The
check contained an off by one error.
2018-03-20 11:19:50 +01:00
Gilles Peskine
ea7dbbe0de Replace MBEDTLS_EINTR by IS_EINTR
check-names.sh reserves the prefix MBEDTLS_ for macros defined in
config.h so this name (or check-names.sh) had to change.

This is also more flexible because it allows for platforms that don't have
an EINTR equivalent or have multiple such values.
2018-03-19 17:10:31 +01:00
Hanno Becker
c9f4d6d448 Correct error.c 2018-03-19 09:23:13 +00:00
Jaeden Amero
8be0e6db41 Update version to 2.8.0 2018-03-16 16:25:12 +00:00
Simon Butcher
a4cbfa3ea2 Add clarity to use of the rsa_internal.h interface
Added additional clarification to the use of the rsa_internal.h interface and as
and when it can be used by whom. Policy hasn't changed, but it needed to be
clearer who can and can't use it and it's level of support.
2018-03-16 15:42:54 +00:00
Hanno Becker
ef52796537 Fix missing return statement ssl_server2 idling
Also, introduce MBEDTLS_EINTR locally in net_sockets.c
for the platform-dependent return code macro used by
the `select` call to indicate that the poll was interrupted
by a signal handler: On Unix, the corresponding macro is EINTR,
while on Windows, it's WSAEINTR.
2018-03-15 15:52:31 +00:00
Hanno Becker
80e06d77d9 Use WSAEINTR instead of EINTR on Windows 2018-03-15 14:41:55 +00:00
Darryl Green
a6f430f577 Fix current directory check 2018-03-15 13:53:58 +00:00
Hanno Becker
9b2b66ebd2 Minor style corrections
Move function block brace outside conditional compilation
to not confuse some editors, and correct indentation.
2018-03-15 12:21:15 +00:00
Hanno Becker
9ac640326b Don't exit mbedtls_net_poll on interruption of select
If the select UNIX system call is interrupted by a signal handler,
it is not automatically restarted but returns EINTR. This commit
modifies the use of select in mbedtls_net_poll from net_sockets.c
to retry the select call in this case.
2018-03-15 12:19:31 +00:00
Hanno Becker
adfa64f0c4 Abort idle-loop in ssl_server2 if sockets gets invalid
Previously, the idling loop in ssl_server2 didn't check whether
the underlying call to mbedtls_net_poll signalled that the socket
became invalid. This had the consequence that during idling, the
server couldn't be terminated through a SIGTERM, as the corresponding
handler would only close the sockets and expect the remainder of
the program to shutdown gracefully as a consequence of this.
This was subsequently attempted to be fixed through a change
in ssl-opt.sh by terminating the server through a KILL signal,
which however lead to other problems when the latter was run
under valgrind.

This commit changes the idling loop in ssl_server2 and ssl_client2
to obey the return code of mbedtls_net_poll and gracefully shutdown
if an error occurs, e.g. because the socket was closed.

As a consequence, the server termination via a KILL signal in
ssl-opt.sh is no longer necessary, with the previous `kill; wait`
pattern being sufficient. The commit reverts the corresponding
change.
2018-03-15 11:43:41 +00:00
Hanno Becker
8d83218b70 Increase UDP record packing time in ssl-opt.sh
The UDP tests involving the merging of multiple records into single
datagrams accumulate records for 10ms, which can be less than the
total flight preparation time if e.g. the tests are being run with
valgrind.

This commit increases the packing time for the relevant tests
from 10ms to 50ms.
2018-03-15 10:14:19 +00:00
Hanno Becker
7b6582b631 Kill server and proxy via SIGQUIT in ssl-opt.sh
SIGKILL interferes with memory checking in valgrind.
2018-03-15 09:37:27 +00:00
Jaeden Amero
79a5e72719 Merge remote-tracking branch 'upstream-restricted/pr/463' into development-restricted-proposed 2018-03-15 08:25:05 +00:00
Jaeden Amero
24b2d6fb6d Merge remote-tracking branch 'upstream-restricted/pr/459' into development-restricted-proposed 2018-03-15 08:24:44 +00:00
Jaeden Amero
8e4ff12909 Merge branch 'development-proposed' into development-restricted-proposed 2018-03-15 08:23:55 +00:00
Jaeden Amero
ce183d994c Merge remote-tracking branch 'upstream-public/pr/1448' into development-proposed 2018-03-15 08:23:53 +00:00
Jaeden Amero
d1fedc55d7 Merge remote-tracking branch 'upstream-public/pr/1440' into development-proposed 2018-03-15 08:23:35 +00:00
Jaeden Amero
95ad522ecc Merge remote-tracking branch 'upstream-public/pr/1439' into development-proposed 2018-03-15 08:23:10 +00:00
Jaeden Amero
64293777eb Merge remote-tracking branch 'upstream-public/pr/1423' into development-proposed 2018-03-15 08:22:48 +00:00
Jaeden Amero
a53d9abfe8 Merge remote-tracking branch 'upstream-public/pr/1051' into development-proposed 2018-03-15 08:22:48 +00:00
Manuel Pégourié-Gonnard
47a98d4e2c fixup previous commit: add forgotten file 2018-03-14 14:08:57 +01:00
Manuel Pégourié-Gonnard
a63305d134 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:44:54 +01:00
Manuel Pégourié-Gonnard
0bdb050b2d x509: CRL: add tests for malformed extensions
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:00:55 +01:00
Krzysztof Stachowiak
7fa1ae70c8 Add Changelog entry 2018-03-14 11:57:37 +01:00
Krzysztof Stachowiak
00bbf572af Update change log 2018-03-14 11:14:13 +01:00
Manuel Pégourié-Gonnard
fd3e4fbae7 x509: CRL: reject unsupported critical extensions 2018-03-14 09:15:02 +01:00
Gilles Peskine
5f1932817c Merge remote-tracking branch 'upstream-restricted/pr/398' into development-restricted-proposed 2018-03-13 17:18:06 +01:00
Gilles Peskine
553a06f08a Merge remote-tracking branch 'upstream-restricted/pr/351' into development-restricted-proposed
Move the added ChangeLog entry to the bottom so that the list remains
in merge order.
2018-03-13 17:15:34 +01:00
Hanno Becker
b6f880b63b Revert whitespace change to ease merging 2018-03-13 12:48:50 +00:00
Manuel Pégourié-Gonnard
1ba8a3fc55 Yet another dependency issue (PKCS1_V15)
Found by running:

CC=clang cmake -D CMAKE_BUILD_TYPE="Check"
tests/scripts/depend-pkalgs.pl

(Also tested with same command but CC=gcc)

Another PR will address improving all.sh and/or the depend-xxx.pl scripts
themselves to catch this kind of thing.
2018-03-13 13:42:38 +01:00
Andrzej Kurek
ccbd8a4bbb Add a missing bracket in ifdef for __cplusplus 2018-03-13 07:52:09 -04:00
Hanno Becker
bc6c110139 Add test to ssl-opt.sh demonstrating the need for ssl_check_pending 2018-03-13 11:48:32 +00:00
Hanno Becker
ddc3ebbc3f Exemplify use of mbedtls_ssl_check_pending in ssl_server2.c 2018-03-13 11:48:32 +00:00
Hanno Becker
6a33f59f76 Add tests for event-driven I/O in DTLS to ssl-opt.sh 2018-03-13 11:48:29 +00:00
Hanno Becker
62dcbaf567 Improve crediting in ChangeLog 2018-03-13 10:54:43 +00:00
Krzysztof Stachowiak
5224a7544c Prevent arithmetic overflow on bounds check 2018-03-13 11:31:38 +01:00
Krzysztof Stachowiak
740b218386 Add bounds check before length read 2018-03-13 11:31:14 +01:00