Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
Previously mocked non-blocking read/write was returning 0 when buffer was empty/full. That was causing ERR_SSL_CONN_EOF error in tests which was using these mocked callbacks. Beside that non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on block pattern set by test design. Such behavior forced to redesign of these functions so that they could be used in other tests
This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and program ends with segmentation fault
The library style is to start with the includes corresponding to the
current module and then the rest in alphabetical order. Some modules
have several header files (eg. ssl_internal.h).
The recently added error.h includes did not respect this convention and
this commit restores it. In some cases this is not possible just by
moving the error.h declarations. This commit fixes the pre-existing
order in these instances too.
Now that the Error module has error codes as well and is processed by
the generate_errors script like any other module, we don't need to
include the header manually.
One of the error codes was already reserved, this commit just makes it
explicit. The other one is a new error code for initializing return
values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should
not be returned by the library. If it is returned, then it is surely a
bug in the library or somebody is tampering with the device.
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This socket implementation uses
two ring buffers to mock the transport layer.
* #321: Replace config.pl by config.py
* #322: Update Mbed Crypto with latest Mbed TLS changes as of 2019-11-15
* #308: Small performance improvement of mbedtls_mpi_div_mpi()
* #324: test_psa_constant_names: support key agreement, better code structure
* #320: Link to the PSA crypto portal page from README.md
* #293: Always gather MBEDTLS_ENTROPY_BLOCK_SIZE bytes of entropy
* #310: Clarify test descriptions in test_suite_memory_buffer_alloc
* #307: Add ASN.1 ENUMERATED tag support
* #328: Remove dependency of crypto_values.h on crypto_extra.h
* #325: Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash
Missed listing in the previous submodule update:
* #304: Make sure Asan failures are detected in 'make test'
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This ring buffer implementation will
serve as the said connection.
The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and
fails the test if the allocation fails. It outputs a null pointer if
the requested size is 0. It is meant to replace existing calls to
mbedtls_calloc.
* origin/development:
Remove unused test data file
Remove component designed to test MAX_SIGNATURE_SIZE
Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in pkey sample programs
Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in X.509
Update crypto submodule
x509write_csr: Reduce stack usage of mbedtls_x509write_csr_pem()
Fix mbedtls_ssl_check_record usage with ext buf
Shorter version of mbedtls_ssl_send_fatal_handshake_failure
Resolve#2801 - remove repetitive assignment to ssl->in_msg (the first value was never used)
Resolve#2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined
Resolve#2717 - remove erroneous sizeof (the operator was applied to constant integer number)
Fix potential resource leak in sslserver2 example
X.509: Add numerous negative parsing tests for CertificatePolicy ext
X.509: Adapt negative parsing test for no data in CrtPolicy ext
X.509: Move negative tests for CertificatePolicy parsing
X.509: Remove CRT policy parsing test 'bool len missing'
* origin/pr/2854:
Shorter version of mbedtls_ssl_send_fatal_handshake_failure
Resolve#2801 - remove repetitive assignment to ssl->in_msg (the first value was never used)
Resolve#2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined
Resolve#2717 - remove erroneous sizeof (the operator was applied to constant integer number)
