Commit graph

5444 commits

Author SHA1 Message Date
Gilles Peskine
5eafc74154
Merge pull request #1159 from RonEld/1862
Change Arm Trademarks
2017-11-20 17:45:49 +01:00
Manuel Pégourié-Gonnard
888fedea06 Merge branch 'development' into development-restricted
* development: (30 commits)
  update README file (#1144)
  Fix typo in asn1.h
  Improve leap year test names in x509parse.data
  Correctly handle leap year in x509_date_is_valid()
  Renegotiation: Add tests for SigAlg ext parsing
  Parse Signature Algorithm ext when renegotiating
  Minor style fix
  config.pl get: be better behaved
  config.pl get: don't rewrite config.h; detect write errors
  Fixed "config.pl get" for options with no value
  Fix typo and bracketing in macro args
  Ensure failed test_suite output is sent to stdout
  Remove use of GNU sed features from ssl-opt.sh
  Fix typos in ssl-opt.sh comments
  Add ssl-opt.sh test to check gmt_unix_time is good
  Extend ssl-opt.h so that run_test takes function
  Always print gmt_unix_time in TLS client
  Restored note about using minimum functionality in makefiles
  Note in README that GNU make is required
  Fix changelog for ssl_server2.c usage fix
  ...
2017-11-14 08:24:22 +01:00
Ron Eldor
2ac96620f3 change URL
Change URL from developer.mbed.org to os.mbed.com
2017-11-01 14:19:50 +02:00
Ron Eldor
9d22619a13 Change Arm Trademarks to the issue template
Change the Trademarks to the issue template document
2017-10-30 18:39:47 +02:00
Ron Eldor
c7acb913ce Change Arm Trademarks
Change the Arm Trademarks according to updated Trademarks
2017-10-30 17:24:50 +02:00
RonEld
005939db98 update README file (#1144)
* update README file

update VS 2010 as the minimal version of required Visual Studio

* Rephrase the MS VS requirement

Rephrase the VS version sentence
2017-10-17 18:19:48 +01:00
Simon Butcher
6f63db7ed5 Fix changelog for ssl_server2.c usage fix 2017-10-12 23:22:17 +01:00
Gilles Peskine
085c10afdb Allow comments in test data files 2017-10-12 23:22:17 +01:00
Andres Amaya Garcia
9fb02057a5 Fix typo in asn1.h 2017-10-12 23:21:37 +01:00
Andres Amaya Garcia
60100d09ee Improve leap year test names in x509parse.data 2017-10-12 23:21:37 +01:00
Andres Amaya Garcia
735b37eeef Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 23:21:37 +01:00
Janos Follath
b0f148c0ab Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-12 23:21:37 +01:00
Ron Eldor
73a381772b Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-12 23:21:37 +01:00
Gilles Peskine
8ca0e8fdff Minor style fix 2017-10-12 23:21:37 +01:00
Gilles Peskine
d98e9e8577 config.pl get: be better behaved
When printing an option's value, print a newline at the end.

When the requested option is missing, fail with status 1 (the usual
convention for "not found") rather than -1 (which has a
system-dependent effect).
2017-10-12 23:21:37 +01:00
Gilles Peskine
01f57e351c config.pl get: don't rewrite config.h; detect write errors
scripts/config.pl would always rewrite config.h if it was reading it.
This commit changes it to not modify the file when only reading is
required, i.e. for the get command.

Also, die if writing config.h fails (e.g. disk full).
2017-10-12 23:21:37 +01:00
Gilles Peskine
f0f55ccb72 Fixed "config.pl get" for options with no value
Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed
for config.h lines with a comment at the end, but that broke the case
of macros with an empty expansion. Support all cases.
2017-10-12 23:21:37 +01:00
Andres Amaya Garcia
bd9d42c236 Fix typo and bracketing in macro args 2017-10-12 23:21:37 +01:00
Gilles Peskine
4552bf7558 Allow comments in test data files 2017-10-12 23:20:56 +01:00
Andres Amaya Garcia
77f1b109ec Fix typo in asn1.h 2017-10-12 22:40:28 +01:00
Andres Amaya Garcia
47e7b56fb6 Improve leap year test names in x509parse.data 2017-10-12 19:55:03 +01:00
Andres Amaya Garcia
106637fc2d Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 19:54:46 +01:00
Janos Follath
88f5808c13 Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 12:49:09 +01:00
Ron Eldor
8dd73e62d2 Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 12:49:00 +01:00
Gilles Peskine
ae98d4aa39 Minor style fix 2017-10-10 17:46:19 +01:00
Gilles Peskine
ad8b9ec9e9 config.pl get: be better behaved
When printing an option's value, print a newline at the end.

When the requested option is missing, fail with status 1 (the usual
convention for "not found") rather than -1 (which has a
system-dependent effect).
2017-10-10 17:46:07 +01:00
Gilles Peskine
58e5fdc0ca config.pl get: don't rewrite config.h; detect write errors
scripts/config.pl would always rewrite config.h if it was reading it.
This commit changes it to not modify the file when only reading is
required, i.e. for the get command.

Also, die if writing config.h fails (e.g. disk full).
2017-10-10 17:45:33 +01:00
Gilles Peskine
134a082455 Fixed "config.pl get" for options with no value
Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed
for config.h lines with a comment at the end, but that broke the case
of macros with an empty expansion. Support all cases.
2017-10-10 17:45:00 +01:00
Andres Amaya Garcia
86968c6dd1 Fix typo and bracketing in macro args 2017-10-07 18:29:03 +01:00
Andres Amaya Garcia
3f50f511de Ensure failed test_suite output is sent to stdout
The change modifies the template code in tests/suites/helpers.function
and tests/suites/main.function so that error messages are printed to
stdout instead of being discarded. This makes errors visible regardless
of the --verbose flag being passed or not to the test suite programs.
2017-10-07 18:15:28 +01:00
Andres Amaya Garcia
def0339db2 Ensure failed test_suite output is sent to stdout
The change modifies the template code in tests/suites/helpers.function
and tests/suites/main.function so that error messages are printed to
stdout instead of being discarded. This makes errors visible regardless
of the --verbose flag being passed or not to the test suite programs.
2017-10-07 17:33:34 +01:00
Andres Amaya Garcia
67d8da522f Remove use of GNU sed features from ssl-opt.sh 2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
3b1bdff285 Fix typos in ssl-opt.sh comments 2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
b84c40b12f Add ssl-opt.sh test to check gmt_unix_time is good
Add a test to ssl-opt.sh that parses the client and server debug
output and then checks that the Unix timestamp in the ServerHello
message is within acceptable bounds.
2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
93993defd1 Extend ssl-opt.h so that run_test takes function
Extend the run_test function in ssl-opt.sh so that it accepts the -f
and -F options. These parameters take an argument which is the name of
a shell function that will be called by run_test and will be given the
client input and output debug log. The idea is that these functions are
defined by each test and they can be used to do some custom check
beyon those allowed by the pattern matching capabilities of the
run_test function.
2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
6bce9cb5ac Always print gmt_unix_time in TLS client
Change ssl_parse_server_hello() so that the parsed first four random
bytes from the ServerHello message are printed by the TLS client as
a Unix timestamp regardless of whether MBEDTLS_DEBUG_C is defined. The
debug message will only be printed if debug_level is 3 or higher.

Unconditionally enabling the debug print enabled testing of this value.
2017-10-06 11:59:13 +01:00
Gilles Peskine
470edd031f Restored note about using minimum functionality in makefiles 2017-10-06 11:59:13 +01:00
Gilles Peskine
11cb578fda Note in README that GNU make is required
Our README claims that we only use basic Make functionality, but in
fact GNU make is required for conditional compilation. Document this.

Addresses issue #967
2017-10-06 11:59:13 +01:00
Simon Butcher
16373a5933 Fix changelog for ssl_server2.c usage fix 2017-10-06 11:59:13 +01:00
Ron Eldor
71f68c4043 Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-06 11:59:13 +01:00
Simon Butcher
2c4f9460ea Update ChangeLog for fix to #836 2017-10-06 11:59:13 +01:00
Hanno Becker
1a9a51c7cf Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00
Hanno Becker
0446a39744 Enhance documentation of mbedtls_ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-10-06 11:58:50 +01:00
Hanno Becker
947194e7cf Make mbedtls_ssl_set_hostname safe to be called multiple times
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
2017-10-06 11:58:50 +01:00
Hanno Becker
b25c0c78cf Add test case calling ssl_set_hostname twice
Add a test case calling ssl_set_hostname twice to test_suite_ssl.
When run in CMake build mode ASan, this catches the current leak,
but will hopefully be fine with the new version.
2017-10-06 11:58:50 +01:00
Ron Eldor
cb8d54b22d Fix typo in configs/README.txt file
Fix typo in Readme file: ajust->adjust
2017-10-06 11:58:50 +01:00
Xinyu Chen
e1a94a6404 Correct the printf message of the DTLS handshake.
Make it consistent with dtls_server.c
2017-10-06 11:58:50 +01:00
Gilles Peskine
964faeb6c4 Cleaned up get_line for test data files
Look, ma, a use for do...while!

Also removed 1-3 calls to strlen.
2017-10-06 11:58:50 +01:00
Gilles Peskine
b04e2c3d81 Allow comments in test data files 2017-10-06 11:58:50 +01:00
Andres Amaya Garcia
acdae0cb33 Remove use of GNU sed features from ssl-opt.sh 2017-10-06 11:55:32 +01:00