Commit graph

7888 commits

Author SHA1 Message Date
Andrzej Kurek
b459346f67 ssl-opt.sh: add a check for i686 targets
Run DTLS fragmenting tests on non-i686 targets only.
Remove reduntant gnutls requirements.
2018-10-11 08:43:30 -04:00
Andrzej Kurek
7782605491 ssl-opt.sh: add comments regarding ciphersuite forcing 2018-10-11 07:34:08 -04:00
Andrzej Kurek
748face36f ssl_tls: fix maximum output length
set maximum output length to MBEDTLS_SSL_OUT_CONTENT_LEN instead of
MBEDTLS_SSL_MAX_CONTENT_LEN.
2018-10-11 07:20:19 -04:00
Andrzej Kurek
7c6df832ed ssl-opt.sh: revert unnecessary "autoreduction" checks
return to the initial check for "resend"
2018-10-11 07:06:12 -04:00
Andrzej Kurek
7311c78074 ssl-opt.sh: force ciphersuites to reduce mtu size 2018-10-11 06:49:41 -04:00
Andrzej Kurek
35f2f300ca ssl-opt.sh: change expected pattern from 'resend' to 'autoreduction' 2018-10-09 08:52:14 -04:00
Andrzej Kurek
ef43ce6e25 Dtls: change the way unlimited mtu is set for client hello messages 2018-10-09 08:24:12 -04:00
Hanno Becker
abe6003f5a Adapt ChangeLog 2018-10-09 12:44:47 +01:00
Hanno Becker
095d9cf58e Fix ordering of free()ing of internal structures in ssl_server2
If `MBEDTLS_MEMORY_BUFFER_ALLOC_C` is configured and Mbed TLS'
custom buffer allocator is used for calloc() and free(), the
read buffer used by the server example application is allocated
from the buffer allocator, but freed after the buffer allocator
has been destroyed. If memory backtracing is enabled, this leaves
a memory leak in the backtracing structure allocated for the buffer,
as found by valgrind.

Fixes #2069.
2018-10-09 12:44:42 +01:00
Andrzej Kurek
0fc9cf40cf ssl-opt.sh: increase proxy mtu sizes to contain entire datagrams 2018-10-09 03:09:41 -04:00
Andrzej Kurek
948fe80f42 ssl-opt.sh: adjust test timeouts to fit slower targets 2018-10-06 05:07:47 -04:00
Andrzej Kurek
6290dae909 Disable dtls fragmentation for ClientHello messages
Set the handshake mtu to unlimited when encountering a ClienHello message and
reset it to its previous value after writing the record.
2018-10-05 08:06:01 -04:00
Andrzej Kurek
52f8491dc2 ssl-opt.sh: adjust tests to fit slower targets
Adjust mtu sizes to be able to pass tests using a full configuration
2018-10-05 07:53:40 -04:00
Hanno Becker
617a321ed9 Adapt ChangeLog 2018-10-05 09:52:59 +01:00
Hanno Becker
30a95102b1 Fix memory leak and freeing without initialization in cert_write
* The variables `csr` and `issuer_crt` are initialized but not freed.
* The variable `entropy` is unconditionally freed in the cleanup section
  but there's a conditional jump to that section before its initialization.
  This cmmot Moves it to the other initializations happening before the
  first conditional jump to the cleanup section.

Fixes #1422.
2018-10-05 09:52:31 +01:00
Aurelien Jarno
16b1bd8932 bn_mul.h: add ARM DSP optimized MULADDC code
The Cortex M4, M7 MCUs and the Cortex A CPUs support the ARM DSP
instructions, and especially the umaal instruction which greatly
speed up MULADDC code. In addition the patch switched the ASM
constraints to registers instead of memory, giving the opportunity
for the compiler to load them the best way.

The speed improvement is variable depending on the crypto operation
and the CPU. Here are the results on a Cortex M4, a Cortex M7 and a
Cortex A8. All tests have been done with GCC 6.3 using -O2. RSA uses a
RSA-4096 key. ECDSA uses a secp256r1 curve EC key pair.

                 +--------+--------+--------+
                 |   M4   |   M7   |   A8   |
+----------------+--------+--------+--------+
| ECDSA signing  |  +6.3% |  +7.9% |  +4.1% |
+----------------+--------+--------+--------+
| RSA signing    | +43.7% | +68.3% | +26.3% |
+----------------+--------+--------+--------+
| RSA encryption |  +3.4% |  +9.7% |  +3.6% |
+----------------+--------+--------+--------+
| RSA decryption | +43.0% | +67.8% | +22.8% |
+----------------+--------+--------+--------+

I ran the whole testsuite on the Cortex A8 Linux environment, and it
all passes.
2018-10-04 16:09:27 +02:00
Gilles Peskine
95c5575e12 check-files: exclude .git and third-party files
Exclude ".git" directories anywhere. This avoids spurious errors in git
checkouts that contain branch names that look like a file
check-files.py would check. Fix #1713

Exclude "mbed-os" anywhere and "examples" from the root. Switch to the
new mechanism to exclude "yotta/module". These are directories where
we store third-party files that do not need to match our preferences.

Exclude "cov-int" from the root. Fix #1691
2018-10-02 13:13:24 +02:00
Simon Butcher
6e3606e4f6 Fix run-test-suites.pl to screen for files
Changes run-test-suites.pl to filter out directories, and select only files
as on OSX, test coverage tests create .dSYM directories which were being
accidentally selected to execute.
2018-09-30 21:53:16 +01:00
Gilles Peskine
427df37f84 Don't try to disable ASLR
We don't need to disable ASLR, so don't try. If gdb tries but fails,
the test runs normally, but all.sh then trips up because it sees
`warning: Error disabling address space randomization: Operation not permitted`
and interprets it as an error that indicates a test failure.
2018-09-28 14:31:16 +02:00
Gilles Peskine
5c39d7a972 Remove redundant check in all.sh
test -s can't fail if the subsequent grep succeeds.
2018-09-28 14:31:16 +02:00
Gilles Peskine
bd90a8c002 In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-28 14:31:16 +02:00
Gilles Peskine
a9daa5c357 Look for documentation only in specific directories
Generate the documentation from include and doxygen/input only. Don't
get snared by files containing Doxygen comments that lie in other
directories such as tests, yotta, crypto/include, ...

The only difference this makes in a fresh checkout is that the
documentation no longer lists target_config.h. This file is from
yotta, does not contain any Doxygen comment, and its inclusion in the
rendered documentation was clearly an oversight.
2018-09-28 14:31:16 +02:00
Simon Butcher
0592ea772a Merge remote-tracking branch 'public/pr/1140' into development 2018-09-27 11:37:42 +01:00
Simon Butcher
1afc767f23 Merge remote-tracking branch 'public/pr/1758' into development 2018-09-27 11:35:19 +01:00
Simon Butcher
c86993e33c Merge remote-tracking branch 'public/pr/1970' into development 2018-09-27 09:48:54 +01:00
Simon Butcher
c0514bfffe Added ChangeLog entry for yotta support removal 2018-09-26 18:08:54 +01:00
Simon Butcher
3ad2efdc82 Remove Yotta support from the docs, tests and build scripts
Yotta is no longer supported by Mbed TLS, so has been removed. Specifically, the
following changes have been made:
 * references to yotta have been removed from the main readme and build
   instructions
 * the yotta module directory and build script has been removed
 * yotta has been removed from test scripts such as all.sh and check-names.sh
 * yotta has been removed from other files that that referenced it such as the
   doxyfile and the bn_mul.h header
 * yotta specific configurations and references have been removed from config.h
2018-09-26 17:55:09 +01:00
Gilles Peskine
487cdf5516 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-26 16:50:38 +02:00
Gilles Peskine
2561a50ea4 Fix "make WINDOWS_BUILD=1 clean" on non-Windows hosts
The clean rule was not using the correct names for the compiled
executable files.
2018-09-26 16:50:31 +02:00
Ron Eldor
54a7c620bb Minor style changes
1. Rephrase error description.
2. fix alignment of error list.
2018-09-12 14:43:44 +03:00
Manuel Pégourié-Gonnard
5a481f1940 Update error.h count for SSL 2018-09-12 12:33:32 +02:00
Manuel Pégourié-Gonnard
12e4a8be2a Improve documentation wording and formatting 2018-09-12 10:58:26 +02:00
Manuel Pégourié-Gonnard
1c1c20ed4d Fix some whitespace issues 2018-09-12 10:34:43 +02:00
Manuel Pégourié-Gonnard
125af948c3 Merge branch 'development-restricted' into iotssl-1260-non-blocking-ecc-restricted
* development-restricted: (578 commits)
  Update library version number to 2.13.1
  Don't define _POSIX_C_SOURCE in header file
  Don't declare and define gmtime()-mutex on Windows platforms
  Correct preprocessor guards determining use of gmtime()
  Correct documentation of mbedtls_platform_gmtime_r()
  Correct typo in documentation of mbedtls_platform_gmtime_r()
  Correct POSIX version check to determine presence of gmtime_r()
  Improve documentation of mbedtls_platform_gmtime_r()
  platform_utils.{c/h} -> platform_util.{c/h}
  Don't include platform_time.h if !MBEDTLS_HAVE_TIME
  Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Replace 'thread safe' by 'thread-safe' in the documentation
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  ChangeLog: Add missing renamings gmtime -> gmtime_r
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  Minor documentation improvements
  Style: Add missing period in documentation in threading.h
  Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r()
  Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT
  ...
2018-09-11 12:39:14 +02:00
Simon Butcher
53546ea099 Update library version number to 2.13.1 2018-09-06 19:10:26 +01:00
Simon Butcher
5d40f67138 Merge remote-tracking branch 'public/pr/1927' into development-restricted 2018-09-06 16:24:48 +01:00
Hanno Becker
d2ef25478e Don't define _POSIX_C_SOURCE in header file 2018-09-06 14:53:25 +01:00
Hanno Becker
f5106d54eb Don't declare and define gmtime()-mutex on Windows platforms 2018-09-06 12:09:56 +01:00
Hanno Becker
323d8019bf Correct preprocessor guards determining use of gmtime()
The previous code erroneously used gmtime_r() to implement
mbedtls_platform_gmtime() in case of a non-windows, non-unix system.
2018-09-06 11:30:57 +01:00
Hanno Becker
03b2bd4a06 Correct documentation of mbedtls_platform_gmtime_r()
Previous documentation stated that gmtime_r() was from the standard library,
but it's POSIX.
2018-09-06 09:08:55 +01:00
Hanno Becker
a50fed9910 Correct typo in documentation of mbedtls_platform_gmtime_r() 2018-09-06 09:08:39 +01:00
Hanno Becker
6f70581c4a Correct POSIX version check to determine presence of gmtime_r()
Recent versions of POSIX move gmtime_r to the base.
2018-09-06 09:06:33 +01:00
Hanno Becker
c52ef407ba Improve documentation of mbedtls_platform_gmtime_r() 2018-09-05 16:36:31 +01:00
Hanno Becker
7dd82b4f51 platform_utils.{c/h} -> platform_util.{c/h} 2018-09-05 16:26:04 +01:00
Hanno Becker
5a7fe14590 Don't include platform_time.h if !MBEDTLS_HAVE_TIME
platform_time.h includes time.h, which is not assumed to be present
on a system where MBEDTLS_HAVE_TIME is not defined.
2018-09-05 16:24:44 +01:00
Hanno Becker
9fbbf1c1f0 Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT 2018-09-05 16:23:02 +01:00
Hanno Becker
c9468885a8 Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT 2018-09-05 16:22:10 +01:00
Hanno Becker
921b76d056 Replace 'thread safe' by 'thread-safe' in the documentation 2018-09-05 16:21:36 +01:00
Hanno Becker
9a51d01984 Improve documentation of MBEDTLS_HAVE_TIME_DATE 2018-09-05 16:20:09 +01:00
Hanno Becker
acef292eac ChangeLog: Add missing renamings gmtime -> gmtime_r 2018-09-05 16:19:07 +01:00