Commit Graph

4410 Commits

Author SHA1 Message Date
Simon Butcher
078bcdd6f6 Merge branch 'IOTSSL-628-BufferOverread' 2016-03-16 22:53:11 +00:00
Simon Butcher
184990c1d4 Merge development into development-restricted 2016-03-16 13:56:00 +00:00
Simon Butcher
f1547632dc Fixes to style following review
Made code spacing consistent with guidelines, and corrected the misnamed test
steps in basic-build-test.sh
2016-03-14 23:12:32 +00:00
Simon Butcher
ab0c51d782 Fix minor issues with basic test script
Following fixes:
 * In the test script, 'basic-build-test.sh', the total number of functions had
   a broken RE, and was picking up the number of tested functions.
 * Titles of tests was misleading
 * The 'run-test-suites.pl' script was mistaking dSYM directories as test
   suites to be executed.
2016-03-14 23:12:31 +00:00
SimonB
21ab9d7b8b Add a script to execute the basic tests
basic-build-test.sh executes the most obvious and common test suites and creates
a test report including coverage data.
2016-03-14 23:12:30 +00:00
SimonB
75f3caa408 Fix unit test script to ignore coverage data
The script run-test-suite.pl was mistaking .gcda code coverage data files as
test suites. The files are now ignored.
2016-03-14 23:12:30 +00:00
SimonB
ad8fbc066c Add test result breakdown to test suites script
Added a --verbose switch to 'run-test-suite.pl' to summarise the pass/fail/skip
results of each test suite, and summary for all executed tests.
2016-03-14 23:12:30 +00:00
SimonB
5a8afb848a Fix exit code and add a count of the test suites
Now counts and displays the number of test suites executed, which can vary
depending on build configurations.
All tests are now executed as this is a sample and test program, rather than
exit on first failure.
Exit code now restricted to SUCCESS or FAILURE.
2016-03-14 23:12:29 +00:00
Simon Butcher
f413b6fffe Fix to stop all.sh corrupting config.h
The test script all.sh was persisting the SSL3 configuration in config.h
through more tests than intended and not restoring the config the end.
2016-03-14 22:32:42 +00:00
Simon Butcher
4b852db299 Merge branch 'iotssl-629-der-trailing-bytes'
Fixes bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer following DER certificates to be included in the raw representation.
2016-03-12 23:28:26 +00:00
Simon Butcher
c920c8c8f6 Merge 'development-restricted' into development 2016-03-09 21:09:27 +00:00
Simon Butcher
0203745e23 Swap C++ comments to C for style consistency in rsa.c 2016-03-09 21:06:20 +00:00
Manuel Pégourié-Gonnard
8ddc93f07a Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-09 21:06:20 +00:00
Janos Follath
e43b81ae68 Add Changelog entry for current branch 2016-03-09 21:06:20 +00:00
Janos Follath
c69fa50d4c Removing 'if' branch from the fix.
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-03-09 21:06:19 +00:00
Janos Follath
8a49a019b0 Add tests for the bug IOTSSL-619.
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-03-09 21:06:19 +00:00
Janos Follath
3218b21b68 Add Changelog entry for current branch 2016-03-09 21:06:19 +00:00
Janos Follath
b6eb1ca01c Length check added 2016-03-09 21:06:19 +00:00
Manuel Pégourié-Gonnard
370717b571 Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-09 21:06:19 +00:00
Janos Follath
cc4eba73fb Add Changelog entry for current branch 2016-03-09 21:06:19 +00:00
Janos Follath
eddfe8f6f3 Included tests for the overflow 2016-03-09 21:06:19 +00:00
Simon Butcher
5be92eae55 Merge 'iotssl-591-glue-layers' into development 2016-03-09 20:34:14 +00:00
Simon Butcher
d567a23c59 Fix typos, grammar in the comments and clarify them 2016-03-09 20:19:21 +00:00
Simon Butcher
00157ce510 Update the ChangeLog 2016-03-09 19:32:11 +00:00
Simon Butcher
3ea7f52fdf Update interop tests to default configuration
Removed SSLv3 from the default tests in compat.sh, and adapted the test
cases in all.sh to include an additional SSLv3 regression test suite.
2016-03-09 19:32:11 +00:00
Simon Butcher
c7940f0bd8 Fix yotta builds for change in default configs
The change to defaults configurations in a720ced broke the yotta build.
This fix addresses that.
2016-03-09 19:32:11 +00:00
Simon Butcher
bc6a486b2f Fix the 'all tests' script for baremetal builds
Fixes the test script test/scripts/all.sh which was failing at the
baremetal ARM builds due to the entropy platform check introduced in
7ff4b77.
2016-03-09 19:32:11 +00:00
Janos Follath
e2681a448b Update default configuration
Change the default settings for SSL and modify the tests accordingly.
2016-03-09 19:32:11 +00:00
Simon Butcher
3000f78b0b Add copright, and better documentation to curves.pl
The purpose and use of the test script, curves.pl was not obvious without
reading the source code, plus the file was missing a copyright statement.
2016-03-09 19:32:11 +00:00
Simon Butcher
fbe85fe4fa Add missing dependencies to X509 Parse test suite for P-384 curve
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
2016-03-09 19:32:10 +00:00
Simon Butcher
6ee1af5aab Update mbed-drivers dependency to v1.0.0 2016-03-09 19:32:10 +00:00
Simon Butcher
f59e66ba24 Remove redundant test certificates and clarify ChangeLog 2016-03-09 19:32:10 +00:00
Janos Follath
b437b4b125 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-03-09 19:32:10 +00:00
Janos Follath
df4bca2029 X509: Future CA among trusted: add more tests 2016-03-09 19:32:10 +00:00
Janos Follath
12c868c5d6 X509: Future CA among trusted: add unit tests 2016-03-09 19:32:10 +00:00
Simon Butcher
64d60da4f6 Fix typos and add copyright statement to generate_code.pl 2016-03-09 19:32:10 +00:00
SimonB
0269dad5e5 Refactored test suite template code
Restructed test suite helper and main code to support tests suite helper
functions, changed C++ comments to C-style, and made the generated
source code more navigable.
2016-03-09 19:32:10 +00:00
SimonB
152ea18037 Added support for per test suite helper functions
Added to generate_code.pl:
    - support for per test suite helper functions
    - description of the structure of the files the script uses to construct
      the test suite file
    - delimiters through the source code to make the machine generated code
      easier to understand
2016-03-09 19:32:10 +00:00
SimonB
3ddf35526a Clarified purpose and usage of generate_code.pl
Added comments to explain purpose and usage of generate_code.pl
2016-03-09 19:32:09 +00:00
Simon Butcher
ef50c0da6e Added script to split the test case data files
Script generate-afl-tests.sh will split the test suite data files into
individual test case files, suitable for fuzzing.
2016-03-09 19:32:09 +00:00
Simon Butcher
aad787f1c7 Parameterised the test suite applications
All test suites can now take an arbitrary test file.
2016-03-09 19:32:09 +00:00
Simon Butcher
e846b5128f Use the SSL IO and time callback typedefs consistently
The callback typedefs defined for mbedtls_ssl_set_bio() and
mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were
referenced in structures or in code.
2016-03-09 19:32:09 +00:00
Simon Butcher
c0957bdc13 Fix some minor typos in comments
Fix spelling mistakes and typos.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
0c6aad90f2 x509: remove obsolete TODO comment
- basicContraints checks are done during verification
- there is no need to set extensions that are not present to default values,
  as the code using the extension will check if it was present using
ext_types. (And default values would not make sense anyway.)
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
986bbf24ce x509:
-
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
d1b7f2b8cf ssl: ignore CertificateRequest's content for real
- document why we made that choice
- remove the two TODOs about checking hash and CA
- remove the code that parsed certificate_type: it did nothing except store
  the selected type in handshake->cert_type, but that field was never accessed
afterwards. Since handshake_params is now an internal type, we can remove that
field without breaking the ABI.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
56e9ae2bf2 Remove unnecessary TODO comment
We don't implement anonymous key exchanges, and we don't intend to, so it can
never happen that an unauthenticated server requests a certificate from us.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
eeef947040 Clarify documentation about missing CRLs
Also tune up some working while at it.
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
214a84889c Update note about hardcoded verify_data_length 2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
967994a05e Remove unused code.
After the record contents are decompressed, in_len is no longer
accessed directly, only in_msglen is accessed. in_len is only read by
ssl_parse_record_header() which happens before ssl_prepare_record_contents().

This is also made clear by the fact that in_len is not touched after
decrypting anyway, so if it was accessed after that it would be wrong unless
decryption is used - as this is not the case, it show in_len is not accessed.
2016-03-09 19:32:08 +00:00