Print some not-very-nice-looking but helpful diagnosis information if
the timing selftest fails. Since the failures tend to be due to heavy
system load that's hard to reproduce, this information is necessary to
understand what's going on.
get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.
As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
The POSIX/Unix implementation of set_alarm did not set the
alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.
Introduced by e298532394
Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing. Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
Previously, if `POLARSSL_SSL_RENEGOTIATION` was disabled, incoming handshake
messages in `ssl_read` (expecting application data) lead to the connection being
closed. This commit fixes this, restricting the
`POLARSSL_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting
renegotiation requests and aborting renegotiation attempts after too many
unexpected records have been received.
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)
The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.
A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
The warning was caused because in MSVC some of the function parameters
for the socket APIs are int while the fields in struct addrinfo are
size_t e.g. possible data loss.
The warning was caused because of conversions from size_t to int, which
can cause data loss. The files affected are:
* ssl_client2.c
* ssl_server2.c
* ssl_mail_client.c
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
when creating the CRT.