Commit Graph

4296 Commits

Author SHA1 Message Date
Janos Follath
f4a65d66bf X509: Future CA among trusted: add more tests 2016-03-01 21:46:36 +00:00
Janos Follath
a155afb9d7 X509: Future CA among trusted: add unit tests 2016-03-01 21:46:36 +00:00
Simon Butcher
e919f76e0d Fix typos and add copyright statement to generate_code.pl 2016-03-01 21:46:36 +00:00
SimonB
32ff13ae3d Refactored test suite template code
Restructed test suite helper and main code to support tests suite helper
functions, changed C++ comments to C-style, and made the generated
source code more navigable.
2016-03-01 21:46:36 +00:00
SimonB
16177a4033 Added support for per test suite helper functions
Added to generate_code.pl:
    - support for per test suite helper functions
    - description of the structure of the files the script uses to construct
      the test suite file
    - delimiters through the source code to make the machine generated code
      easier to understand
2016-03-01 21:46:36 +00:00
SimonB
26f9a7098a Clarified purpose and usage of generate_code.pl
Added comments to explain purpose and usage of generate_code.pl
2016-03-01 21:46:36 +00:00
Simon Butcher
f51f088656 Added script to split the test case data files
Script generate-afl-tests.sh will split the test suite data files into
individual test case files, suitable for fuzzing.
2016-03-01 21:46:36 +00:00
Simon Butcher
3990f62669 Parameterised the test suite applications
All test suites can now take an arbitrary test file.
2016-03-01 21:46:35 +00:00
Simon Butcher
bc32e4a151 Use the SSL IO and time callback typedefs consistently
The callback typedefs defined for mbedtls_ssl_set_bio() and
mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were
referenced in structures or in code.
2016-03-01 21:46:35 +00:00
Simon Butcher
36567e3437 Fix some minor typos in comments
Fix spelling mistakes and typos.
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard
b2d3011774 x509: remove obsolete TODO comment
- basicContraints checks are done during verification
- there is no need to set extensions that are not present to default values,
  as the code using the extension will check if it was present using
ext_types. (And default values would not make sense anyway.)
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard
db1ae1ea01 x509:
-
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard
5a793b74a0 ssl: ignore CertificateRequest's content for real
- document why we made that choice
- remove the two TODOs about checking hash and CA
- remove the code that parsed certificate_type: it did nothing except store
  the selected type in handshake->cert_type, but that field was never accessed
afterwards. Since handshake_params is now an internal type, we can remove that
field without breaking the ABI.
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard
9d79c1ba95 Remove unnecessary TODO comment
We don't implement anonymous key exchanges, and we don't intend to, so it can
never happen that an unauthenticated server requests a certificate from us.
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard
e66dd1dcef Clarify documentation about missing CRLs
Also tune up some working while at it.
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard
a6062607f1 Update note about hardcoded verify_data_length 2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard
28124dba07 Remove unused code.
After the record contents are decompressed, in_len is no longer
accessed directly, only in_msglen is accessed. in_len is only read by
ssl_parse_record_header() which happens before ssl_prepare_record_contents().

This is also made clear by the fact that in_len is not touched after
decrypting anyway, so if it was accessed after that it would be wrong unless
decryption is used - as this is not the case, it show in_len is not accessed.
2016-03-01 21:46:34 +00:00
Manuel Pégourié-Gonnard
e6a4846435 Add note about not implementing PSK id_hint 2016-03-01 21:46:34 +00:00
Manuel Pégourié-Gonnard
d47c4335b8 Give better error messages for semi-portable parts
Previously it was failing with errors about headers not found, which is
suboptimal in terms of clarity. Now give a clean error with pointer to the
documentation.

Do the checks in the .c files rather than check_config.h as it keeps them
closer to the platform-specific implementations.
2016-03-01 21:46:34 +00:00
Manuel Pégourié-Gonnard
7a0cf2ef3c Improve documentation of some SSL callbacks
The previous documentation was not explicit about what was expected of the
callbacks - the user had to infer that from the descriptions in net.h or
timing.h, and it was not clear what was part of the calling convention and
what was specific to our implementation.
2016-03-01 21:46:34 +00:00
Manuel Pégourié-Gonnard
840046aa8c Fix Unix detection in mini_client
fixes #398
2016-03-01 21:46:34 +00:00
Simon Butcher
b3e014cffc Clarified mbedtls_ssl_conf_alpn_protocols() doc
Clarified the lifetime of the protos parameter passed in the
function mbedtls_ssl_conf_alpn_protocols().
2016-03-01 21:46:34 +00:00
Janos Follath
9ee7f6cf6d Removing 'if' branch from the fix.
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-03-01 21:46:34 +00:00
Janos Follath
69db3bc738 Add tests for the bug IOTSSL-619.
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-03-01 21:46:34 +00:00
Janos Follath
8ac04de42b Add Changelog entry for current branch 2016-03-01 21:46:34 +00:00
Janos Follath
b39b710e42 Length check added 2016-03-01 21:45:54 +00:00
Manuel Pégourié-Gonnard
3c44760ae2 Merge branch 'IOTSSL-621-PotentialIntegerOverflow' into development-restricted
* IOTSSL-621-PotentialIntegerOverflow:
  Add precision about exploitability in ChangeLog
  Add Changelog entry for current branch
  Included tests for the overflow
2016-02-11 10:39:31 +01:00
Manuel Pégourié-Gonnard
9678b5dccd Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-02-11 10:35:13 +01:00
Janos Follath
31581985a0 Add Changelog entry for current branch 2016-02-10 16:25:55 +00:00
Janos Follath
4ae5c294a4 Add Changelog entry and improve coding style 2016-02-10 11:27:43 +00:00
Janos Follath
ca214b9aaf Updated relevant #ifdef 2016-02-09 16:53:08 +00:00
Janos Follath
599d349811 Included tests for the overflow 2016-02-08 14:52:29 +00:00
Manuel Pégourié-Gonnard
edb1a48397 dtls: improve doc about handshake timeouts 2016-01-29 16:05:55 +01:00
Simon Butcher
bdae02ce90 Corrected references for RSA and DHM
The links in the references in rsa.c and dhm.c were no longer valid and needed
updating.
2016-01-20 00:44:42 +00:00
Simon Butcher
9a3ee57c84 Merge branch 'fixes' into development 2016-01-13 02:08:02 +00:00
Manuel Pégourié-Gonnard
d091ed1911 Add scripts/apidoc_full.sh
This re-introduces the apidoc with full config.h, but hopefully with the race
conditions and other issues that the previous implementation had.

Adapt doxygen test script to use that new script, and also check for errors
in addition to warnings while at it.
2016-01-12 14:48:03 +00:00
Manuel Pégourié-Gonnard
c990189e14 Revert changes done to 'make apidoc' target
This partially reverts 1989caf71c (only the changes to Makefile and
CMakeLists, the addition to scripts/config.pl is kept).

Modifying config.h in the apidoc target creates a race condition with

    make -j4 all apidoc

where some parts of the library, tests or programs could be built with the
wrong config.h, resulting in all kinds of (semi-random) errors. Recent
versions of CMake mitigate this by adding a .NOTPARALLEL target to the
generated Makefile, but people would still get errors with older CMake
versions that are still in use (eg in RHEL 5), and with plain make.

An additional issue is that, by failing to use cp -p, the apidoc target was
updating the timestamp on config.h, which seems to cause further build issues.

Let's get back to the previous, safe, situation. The improved apidoc building
will be resurrected in a script in the next commit.

fixes #390
fixes #391
2016-01-12 14:48:03 +00:00
Simon Butcher
04d42111f4 Reverted the INPUT in doxygen to .
Previous change to include excluded the content in doxygen/input
2016-01-12 00:59:15 +00:00
Manuel Pégourié-Gonnard
35d07bfb45 Exclude more things from doxygen inputs 2016-01-08 17:01:59 +01:00
Manuel Pégourié-Gonnard
de7ae7b2e9 Exclude some warnings from the doxygen test
Apparently travis has an old version of doxygen that doesn't know all tags in
our config. That's not something we care about, we only want to know about
warnings in our doxygen content
2016-01-08 17:01:59 +01:00
Manuel Pégourié-Gonnard
259b08a5d2 Add -s (short) option to all.sh
On my machine, that reduces running time from about 30 minutes to less than 10
minutes, while maintaining a good probability of catching the most likely
issues in practice.
2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
695e0ba014 Add new doxygen test to travis 2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
1d552e7583 Add test script for doxygen warnings 2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
b873f7ac98 Fix doxygen warnings about deprecated tags
Doxygen 1.8.10 warns that those tags are obsolete. Since we're not generating
XML anyway, it seems harmless to remove them even for earlier versions.
2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
d2655ac2dc Add test for yotta debug build 2016-01-08 15:05:11 +01:00
Manuel Pégourié-Gonnard
365f325e03 Make check-names.sh happy 2016-01-08 15:05:11 +01:00
Manuel Pégourié-Gonnard
25caaf36a6 Avoid build errors with -O0 due to assembly 2016-01-08 14:29:11 +01:00
Manuel Pégourié-Gonnard
3551901cd1 Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-07 13:55:05 +01:00
Manuel Pégourié-Gonnard
afbb3101ce Update ChangeLog for latest PR merged
fixes #309
2016-01-07 13:26:11 +01:00
Manuel Pégourié-Gonnard
e9c1b1a3bf Merge remote-tracking branch 'yanesca/iss309' into development
* yanesca/iss309:
  Improved on the previous fix and added a test case to cover both types of carries.
  Removed recursion from fix #309.
  Improved on the fix of #309 and extended the test to cover subroutines.
  Tests and fix added for #309 (inplace mpi doubling).
2016-01-07 13:22:27 +01:00