Hanno Becker
713fe7f66c
Add test case calling ssl_set_hostname twice
...
Add a test case calling ssl_set_hostname twice to test_suite_ssl.
When run in CMake build mode ASan, this catches the current leak,
but will hopefully be fine with the new version.
2017-09-30 23:34:52 +01:00
Ron Eldor
376f7f5fe1
Fix typo in configs/README.txt file
...
Fix typo in Readme file: ajust->adjust
2017-09-30 21:37:59 +01:00
Xinyu Chen
00afe1c046
Correct the printf message of the DTLS handshake.
...
Make it consistent with dtls_server.c
2017-09-30 09:52:38 +01:00
Hanno Becker
08a36dde80
Unify naming schemes for RSA keys
2017-09-29 20:05:23 +01:00
Hanno Becker
b4274210a4
Improve documentation in pkparse.c
...
State explicitly that `pk_parse_pkcs8_undencrypted_der` and `pk_parse_key_pkcs8_encrypted_der` are not responsible for
zeroizing and freeing the provided key buffer.
2017-09-29 19:18:51 +01:00
Hanno Becker
f04111f5c5
Fix typo
2017-09-29 19:18:42 +01:00
Gilles Peskine
5b7ee07ff6
Cleaned up get_line for test data files
...
Look, ma, a use for do...while!
Also removed 1-3 calls to strlen.
2017-09-29 18:00:25 +02:00
Hanno Becker
56bae95e1d
Improve style and documentation, fix typo
2017-09-29 15:43:49 +01:00
Gilles Peskine
26182edd0c
Allow comments in test data files
2017-09-29 15:45:12 +02:00
Hanno Becker
4b2f691691
Doxygen: Use typewriter font for variables in rsa.h documentation
2017-09-29 13:36:54 +01:00
Hanno Becker
ed20361321
Increase readability of Doxygen output
...
Multiple lists were not properly recognized as such.
2017-09-29 13:34:25 +01:00
Hanno Becker
91c194dabb
Add and document an RSA-specific error code for unsupported exports
...
E.g., a private key on an external chip might not be exportable to RAM.
2017-09-29 12:50:12 +01:00
Hanno Becker
bead71752e
Correct typo in rsa.c
2017-09-29 12:41:06 +01:00
Hanno Becker
e1582a832b
Add expectation when testing RSA key import/export
...
This commit adds a flag to the RSA import/export tests indicating whether it is
expected that a full RSA keypair can be set up from the provided parameters.
Further, the tests of `mbedtls_rsa_import` and `mbedtls_rsa_import_raw` are
expanded to perform key checks and an example encryption-decryption.
2017-09-29 11:54:05 +01:00
Hanno Becker
4d6e83406c
Improve readability of test for mbedtls_rsa_import
2017-09-29 11:54:05 +01:00
Hanno Becker
5063cd2cca
Deprecate direct manipulation of structure fields in RSA context
2017-09-29 11:54:05 +01:00
Hanno Becker
ba1ba11a98
Check that length is properly set in mbedtls_rsa_check_pubkey
2017-09-29 11:54:05 +01:00
Hanno Becker
2f8f06aa25
Don't always recompute context length in mbedtls_rsa_get_len
...
This commit changes the implementation of `mbedtls_rsa_get_len` to return
`ctx->len` instead of always re-computing the modulus' byte-size via
`mbedtls_mpi_size`.
2017-09-29 11:54:05 +01:00
Hanno Becker
54cfc585cd
Add test cases for mbedtls_rsa_import[_raw] where N is missing
2017-09-29 11:54:05 +01:00
Hanno Becker
2cca6f3290
Always deduce N from P, Q in mbedtls_rsa_complete
...
Previously, a parameter set of (-, P, Q, -, E) was completed, but (-, P, Q, D,
E) wasn't - this is odd.
2017-09-29 11:54:05 +01:00
Hanno Becker
041a6b030f
Adapt ChangeLog
2017-09-28 14:52:26 +01:00
Hanno Becker
cc56628117
Don't use all_final as a target in tests/data_files/Makefile
...
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
2017-09-26 16:21:19 +01:00
Ron Eldor
8b766218a8
Update ChangeLog
...
Update ChangeLog according to Andres seggestion
2017-09-24 15:44:56 +03:00
Ron Eldor
2981a0a740
Address Andres PR comments
...
Address Andres' comments in the PR
2017-09-24 15:41:09 +03:00
Jaeden Amero
1526330931
Allow alternate implementation of GCM
...
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
2017-09-22 17:42:44 +01:00
Hanno Becker
6428f8d78e
Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384
...
Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its
default value of 16384 to succeed. While ideally such a dependency should not
exist, as a short-term remedy this commit adds a small check that will at least
lead to graceful exit if that assumption is violated.
2017-09-22 16:58:50 +01:00
Hanno Becker
d8a6f7cfbe
Clarify code-paths in x509write_csr and x509write_crt
2017-09-22 16:05:43 +01:00
Hanno Becker
a20e33ad59
Use X509 CRT version macros for version checks in x509write_crt_der
2017-09-22 15:40:01 +01:00
Hanno Becker
7f3652ddf1
Fix error code printing in cert_write
...
Error codes can consume up to two bytes, but only one was printed so far.
2017-09-22 15:39:02 +01:00
Hanno Becker
38eff43791
Use X509 CRT version macros in cert_write program
2017-09-22 15:38:20 +01:00
Hanno Becker
e1b1d0af8e
Fix senseless comment
2017-09-22 15:35:16 +01:00
Hanno Becker
930025da6d
Adapt ChangeLog
2017-09-18 16:12:28 +01:00
Florin
0b7b83fd91
Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes
...
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-09-18 16:11:42 +01:00
Hanno Becker
2b187c4d5f
Correct typo
2017-09-18 16:11:42 +01:00
Hanno Becker
09930d1f01
Add expected number of fragments to 16384-byte packet tests
2017-09-18 16:11:42 +01:00
Hanno Becker
c526696c05
Add tests for messages beyond 16384 bytes to ssl-opt.sh
...
This commit adds four tests to ssl-opt.sh testing the library's behavior when
`mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations
tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled.
2017-09-18 16:11:42 +01:00
Hanno Becker
4aed27e469
Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
...
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
2017-09-18 16:11:42 +01:00
Hanno Becker
e4ad3e8803
Allow requests of size larger than 16384 in ssl_client2
2017-09-18 16:11:42 +01:00
Hanno Becker
5175ac6e13
Add tests for disabled MFL-extension to all.sh
...
This commit adds a build with default config except
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related
tests in ssl-opt.sh.
2017-09-18 16:11:39 +01:00
Andres Amaya Garcia
01692531c6
Document code silently discarding invalid records
2017-09-14 20:20:31 +01:00
Andres Amaya Garcia
f569f701c2
Fix ChangeLog entry
2017-09-14 20:20:21 +01:00
Andres Amaya Garcia
06fc6650f4
Add ChangeLog entry
2017-09-14 20:20:15 +01:00
Andres Amaya Garcia
2fad94b193
Dont send alert on invalid DTLS record type
...
Do not send fatal alerts when receiving a record with an invalid header
while running DTLS as this is not compliant behaviour.
2017-09-14 20:18:37 +01:00
Hanno Becker
d4a872ee67
Rename internal MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG
...
This commit renames the test-only flag MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG to make it more transparent
that it's an internal flag, and also to content the testscript tests/scripts/check-names.pl which previously complained
about the macro occurring in a comment in `entropy.c` without being defined in a library file.
2017-09-14 08:04:13 +01:00
Hanno Becker
45037ceac5
Add check for presence of relevant parameters in mbedtls_rsa_private
...
If CRT is used, check for the presence N, P, Q, D, E, DP, DQ and QP. If CRT is
not used, check for N, P, Q, D, E only.
2017-09-14 08:02:14 +01:00
Hanno Becker
81535d0011
Minor style and typo corrections
2017-09-14 07:51:54 +01:00
Hanno Becker
476986547b
Omit version from X.509 v1 certificates
...
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-09-14 07:51:54 +01:00
Hanno Becker
d7f3520360
Don't add extensions for X.509 non-v3 certificates
...
This commit removes extension-writing code for X.509 non-v3 certificates from
mbedtls_x509write_crt_der. Previously, even if no extensions were present an
empty sequence would have been added.
2017-09-14 07:51:54 +01:00
Hanno Becker
fc77144802
Fix extraction of signature-type from PK context instance
2017-09-14 07:51:54 +01:00
Hanno Becker
418a62242b
Extend tests/data_files/Makefile to include CRT's for CRT write test
2017-09-14 07:51:28 +01:00