Commit graph

13465 commits

Author SHA1 Message Date
Hanno Becker
3c358d4e12 Improve documentation of MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
e41606001b Disable experimental TLS 1.3 features in default config
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
b2713abb8f Enhance record encryption unit tests by checking hidden content type
TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record
within the record's inner plaintext, while always using the same
content type for the protected record:
- TLS 1.3 always uses ApplicationData
- DTLS 1.2 + CID always uses a special CID content type.

This commit enhances the record encryption unit test to check
that the record content type is indeed correctly hidden.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
3169dad48b Add unit tests for TLS 1.3 record encryption
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
ccc13d03c3 TLS 1.3: Implement TLSInnerPlaintext parsing/building
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
7d343ecf06 Add note on inner plaintext parsing to ssl_transform documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
581bc1b908 Remove ref to CID from inner plaintext parsing/building functions
The internal functions

  `ssl_cid_{build/parse}_inner_plaintext()`

implement the TLSInnerPlaintext mechanism used by DTLS 1.2 + CID
in order to allow for flexible length padding and to protect the
true content type of a record.

This feature is also present in TLS 1.3 support for which is under
development. As a preparatory step towards sharing the code between
the case of DTLS 1.2 + CID and TLS 1.3, this commit renames

   `ssl_cid_{build/parse}_inner_plaintext()`

to

   `ssl_{build/parse}_inner_plaintext()`.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
2ab47dc5cd Add internal version identifier for TLS 1.3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
a711f6e277 Add 'build+unit test' test for experimental TLS 1.3 code to all.sh
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
9fc15ea4cc Introduce config option for experimental TLS 1.3 specific features
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Gilles Peskine
30e0bb4a24 Run assemble_changelog.py in all.sh
Avoid nasty surprises where it would fail when we want to make a release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:55:10 +02:00
Gilles Peskine
ba968a723b Wrap line to 79 columns
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:55:10 +02:00
Gilles Peskine
344da1cbd3 Some .pem files are openssl output and have tabs and that's ok
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:55:10 +02:00
Gilles Peskine
d2df86f005 .dsw files are Visual Studio stuff
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:55:09 +02:00
Gilles Peskine
12b180a0b9 Permit empty files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:55:09 +02:00
Gilles Peskine
ee40e76943 Normalize line endings
Convert all text files to Unix line endings unless they're Windows
stuff.

Make sure that all text files have a trailing newline.

Remove whitespace at the end of lines.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:55:08 +02:00
Gilles Peskine
3e2ee3cedc Check only files checked into Git
We're only interested in files that are committed and pushed to be
included in Mbed TLS, not in any other files that may be lying around.
So ask git for the list of file names.

This script is primarily intended to run on the CI, and there it runs
on a fresh Git checkout plus potentially some other checkouts or
leftovers from a previous part of the CI job. It should also run
reasonably well on developer machines, where there may be various
additional files. In both cases, git is available.

Ad hoc directory exclusions are no longer needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Gilles Peskine
d4a853dbd7 Exclude binary files from text checks
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Gilles Peskine
0598db84c3 Regex mechanism for check-specific exemptions
Suffixes are convenient but not always sufficient.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Gilles Peskine
c1d1b669db Check all files by default
Have an explicit list of exemptions for specific checks rather than
whitelisting files to check. Some checks, such as permissions, should
apply to all files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Gilles Peskine
05a51a8a72 More accurate variable name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Gilles Peskine
4eb05a4edd Fix article in documentation
Co-authored-by: Andrew Thoelke <andrew.thoelke@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:51:00 +02:00
danh-arm
14b8b3cd51
Merge pull request #3351 from ronald-cron-arm/make_cmake_versions
Add output of make, cmake and python3 versions
2020-05-27 17:37:19 +01:00
Janos Follath
eee1f3b0c1
Merge pull request #3341 from paul-elliott-arm/fix-contributing
Fix contributing link to changelog howto
2020-05-27 07:44:25 +01:00
Gilles Peskine
b1ccff8725
Merge pull request #2855 from irwir/fix_x509_crt.c
Remove non-working check from x509_get_subject_alt_name
2020-05-26 18:32:16 +02:00
Gilles Peskine
deacf60f79
Merge pull request #3326 from kohnakagawa/fix/utf-8_encoding_bug
fix mbedtls_x509_dn_gets to show non-ASCII string properly
2020-05-25 14:18:48 +02:00
Ronald Cron
87e658d5a4 Add output of python3 version
Add output of python3 version to output_env.sh.
Added in addition to the version of `python` as some
project's scripts try both executable names.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-05-25 13:55:21 +02:00
Ronald Cron
2c1a1f0a2d Add output of make and cmake versions
Add output of make and cmake versions to output_env.sh.
That way we can see their versions in the CI.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-05-25 13:22:18 +02:00
Gilles Peskine
7c3468efbc Fix #3328
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-25 12:26:04 +02:00
Gilles Peskine
583cd7f442 Re-generate error.c
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-25 12:23:55 +02:00
Gilles Peskine
efdce2df0d Do include asn1.h in error.c
When generate_errors.pl was first written, there was no asn1.h. But
now there is one and it does not need any special treatment.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-25 12:23:11 +02:00
Gilles Peskine
5241f85bbd Check that all necessary headers are included in error.c
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-25 12:21:22 +02:00
Manuel Pégourié-Gonnard
4bfa1171ae
Merge pull request #3335 from Redfoxymoon/development
midipix platform support
2020-05-22 13:04:15 +02:00
Manuel Pégourié-Gonnard
c859c21824 Merge branch 'development' into development-restricted
* development: (81 commits)
  Add changelog entry file
  Remove obsolete comment
  Changelog entry noting the behavior change and storage format change
  Update SE support to pass a location when registering a driver
  Update SE support to pass a location when registering a driver
  Update the SE interface to pass a location when registering a driver
  Fix macros
  Missing word
  Define a macro to construct a lifetime from persistence and location
  Document PSA_KEY_PERSISTENCE_xxx and PSA_KEY_LOCATION_xxx
  Rename and clarify the default persistent location and persistence
  PSA_KEY_LIFETIME_PERSISTENT is a lifetime, not just a storage area
  Shorten type and value names for lifetime parts
  Define some structure for lifetime values
  Fix typo in program benchmark.
  Add changelog entry for #3310.
  Add variable initialization to large SSL TLS function.
  Add Changelog entry for #3312
  Scope reduction to enable NULL check to protect dereferencing.
  Expose SSL HW record acceleration error.
  ...
2020-05-22 12:44:43 +02:00
Paul Elliott
8c4fd40bf6 Change Changelog link to point at Changelog readme
Make the contributing document link to how to create a changelog rather
than just linking to the Changelog itself.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-05-21 16:25:56 +01:00
irwir
fcdea0ff69 Remove definitions and settings that are never used or duplicate MSVC
defaults. Fixes #3297.

Signed-off-by: irwir <irwir@users.noreply.github.com>
2020-05-21 17:19:56 +03:00
Ørjan Malde
479d8de31d Add support for midipix, a POSIX layer for Microsoft Windows
Signed-off-by: Ørjan Malde <orjan.malde@foxi.me>
2020-05-20 18:14:45 +00:00
Koh M. Nakagawa
46b8782a72 fix mbedtls_x509_dn_gets to escape non-ASCII characters
Signed-off-by: Koh M. Nakagawa <tsunekou1019@gmail.com>
2020-05-21 01:56:55 +09:00
irwir
d742a2416d Add changelog entry
Signed-off-by: irwir <irwir@users.noreply.github.com>
2020-05-20 18:24:12 +03:00
Manuel Pégourié-Gonnard
5eae4dd08e
Merge pull request #3301 from Patater/inline-mbedtls_ecc_group_to_psa
psa: Define mbedtls_ecc_group_to_psa() inline
2020-05-19 09:06:04 +02:00
danh-arm
4850263bb5
Merge pull request #3319 from Kxuan/development
Fix typo in program benchmark.
2020-05-18 10:10:25 +01:00
Gilles Peskine
ee61b6601e
Merge pull request #3302 from gilles-peskine-arm/psa-lifetime-persistence-indicator
Define some structure for lifetime values
2020-05-14 16:13:20 +02:00
Jonas
4a67182962 Add Changelog entry for #3318
Signed-off-by: Jonas <jonas.lejeune4420@gmail.com>
2020-05-13 14:25:57 +09:00
Jonas
923d579369 Add test cases to check rng failure
Signed-off-by: Jonas <jonas.lejeune4420@gmail.com>
2020-05-13 14:25:47 +09:00
Gilles Peskine
e24fc7b0a1
Merge pull request #2595 from k-stachowiak/unified-exit-in-examples
Unify the example programs' termination
2020-05-12 10:46:47 +02:00
Gilles Peskine
24ba42cef7 Fix explanation of rules for function substitution
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:07:42 +02:00
Gilles Peskine
688f6cc591 There are test programs, not just unit tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:07:40 +02:00
Gilles Peskine
5925183b8a Fix explanation of PSA_DONE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:06:37 +02:00
Gilles Peskine
2182585776 Introduction: present the top-level sections
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:03:33 +02:00
Gilles Peskine
d04b9ed7dd Spelling
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:03:24 +02:00