Commit Graph

3528 Commits

Author SHA1 Message Date
Hanno Becker
e87e5f6c71 Extend cert_write example program by multiple cmd line options
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
                                   authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
                                 subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
                                basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
                                      when creating the CRT.
2017-10-05 08:37:53 +01:00
Hanno Becker
7c3c97ac13 Don't add extensions for X.509 non-v3 certificates
This commit removes extension-writing code for X.509 non-v3 certificates from
x509write_crt_der. Previously, even if no extensions were present an
empty sequence would have been added.
2017-10-05 07:49:21 +01:00
Hanno Becker
3c89dca09e Omit version from X.509 v1 certificates
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-10-05 07:39:45 +01:00
Simon Butcher
7d661f83e1 Fix changelog for ssl_server2.c usage fix 2017-10-02 19:22:17 +01:00
Ron Eldor
4ca4fd774d Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-02 19:22:04 +01:00
Gilles Peskine
f1cc6a4ae8 Allow comments in test data files 2017-10-02 11:20:39 +02:00
Hanno Becker
ce2c02cca2 Enhance documentation of ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure

Also, adapt ChangeLog.
2017-10-01 00:00:56 +01:00
Hanno Becker
b9ac47c371 Make ssl_set_hostname safe to be called multiple times
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
2017-09-30 23:58:45 +01:00
Ron Eldor
a1af31e14a Fix typo in configs/README.txt file
Fix typo in Readme file: ajust->adjust
2017-09-30 21:56:38 +01:00
Hanno Becker
20f4c78f26 Correct parsing checks in pk_parse_key
Two code-paths in `pk_parse_key` returned success on a failure in `pk_setup`.
2017-09-28 16:54:41 +01:00
Hanno Becker
ea65d0377c Adapt ChangeLog 2017-09-28 16:54:41 +01:00
Hanno Becker
1d233391a6 Remove unreachable branches in pkparse.c 2017-09-28 16:54:41 +01:00
Hanno Becker
1f30fa162b Remove unnecessary cast 2017-09-28 16:54:41 +01:00
Hanno Becker
b299a37a72 Add missing calls to pem_free in pk_parse 2017-09-28 16:54:41 +01:00
Hanno Becker
713c9e187f Use in-place decryption in pk_parse_pkcs8_encrypted_der
The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der
was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit
RSA keys.

This commit resolves the problem by performing the key-decryption in-place,
circumventing the introduction of another stack or heap copy of the key.

There are two situations where pk_parse_pkcs8_encrypted_der is invoked:
1. When processing a PEM-encoded encrypted key in pk_parse_key.
   This does not need adaption since the PEM context used to hold the decoded
   key is already constructed and owned by pk_parse_key.
2. When processing a DER-encoded encrypted key in pk_parse_key.
   In this case, pk_parse_key calls pk_parse_pkcs8_encrypted_der with
   the buffer provided by the user, which is declared const. The commit
   therefore adds a small code paths making a copy of the keybuffer before
   calling pk_parse_pkcs8_encrypted_der.
2017-09-28 16:54:39 +01:00
Hanno Becker
234d503b3a Adapt ChangeLog 2017-09-28 14:45:35 +01:00
Hanno Becker
2bc85eb7aa Fix extraction of signature-type from PK context instance 2017-09-28 14:43:04 +01:00
Hanno Becker
3674a4865c Guard some tests by presence of default entropy 2017-09-08 10:56:19 +01:00
Hanno Becker
adb9bd23d9 Add internal macro ENTROPY_HAVE_DEFAULT indicating default entropy
This commit adds the macro ENTROPY_HAVE_DEFAULT to the helper test file tests/suites/helpers.function to be able to make
tests depend on the presence of a default entropy source.
2017-09-08 10:53:30 +01:00
Hanno Becker
cffe2daf25 Support negative dependencies in test cases
The entropy test suite uses a negative dependency "depends_on:!CONFIG_FLAG" for one of its tests. This kind of
dependency (running a test only if some configuration flag is not defined) is currently not supported and instead
results in the respective test case being dropped.

This commit adds support for negative dependencies in test cases.
2017-09-08 10:39:07 +01:00
Hanno Becker
65382c38e8 Fix typos in entropy test data 2017-09-08 10:36:26 +01:00
Hanno Becker
8cd5d43639 Initialize RSA context in RSA test suite before first potentially failing operation
The function `rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after
seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context,
potentially resulting in a segmentation fault. Fixes one aspect of #1023.
2017-09-08 10:35:32 +01:00
Ron Eldor
3216c1a82a Fix after Andres comments
Move the include of the configuration file to the begninnig
2017-09-07 17:15:47 +03:00
Ron Eldor
bc3fa39f0e Backport 1.3:Add configuration file in md.h
include *`config.h`* in md.h as MACROS in the header file get ignored.Backport to
Backport of #1055 to mbedtls-1.3
2017-09-07 16:58:41 +03:00
Simon Butcher
a75a459143 Removed duplication in Changelog 2017-08-10 23:38:10 +01:00
Simon Butcher
03bd0229ab Update version to 1.3.21 2017-08-10 11:52:14 +01:00
Simon Butcher
9ee5910f65 Fix language in Changelog for clarity 2017-08-10 10:49:32 +01:00
Andres Amaya Garcia
e13b54e5f7 Change PK module preprocessor check on word size
There were preprocessor directives in pk.c and pk_wrap.c that cheked
whether the bit length of size_t was greater than that of unsigned int.
However, the check relied on the POLARSSL_HAVE_INT64 macro being
defined which is not directly related to size_t. This might result in
errors in some platforms. This change modifies the check to use the
macros SIZE_MAX and UINT_MAX instead making the code more robust.
2017-08-04 13:49:29 +01:00
Hanno Becker
1af21bfa38 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- rsa_pkcs1_decrypt
- rsa_rsaes_pkcs1_v15_decrypt
- rsa_rsaes_oaep_decrypt
2017-08-01 23:05:31 +01:00
Hanno Becker
e7f5abc111 Adapt ChangeLog 2017-07-28 22:08:29 +01:00
Hanno Becker
ab3fbc2146 Rename time and index parameter to avoid name conflict.
As noted in #557, several functions use 'index' resp. 'time'
as parameter names in their declaration and/or definition, causing name
conflicts with the functions in the C standard library of the same
name some compilers warn about.

This commit renames the arguments accordingly.
2017-07-28 22:08:16 +01:00
Hanno Becker
dcbb0246f9 Correct comments 2017-07-28 22:04:08 +01:00
Hanno Becker
56fa40f4f5 Adapt ChangeLog 2017-07-28 22:02:58 +01:00
Hanno Becker
e6ee6383a9 Reliably zeroize sensitive data in AES sample application
The AES sample application programs/aes/aescrypt2 could miss zeroizing
the stack-based key buffer in case of an error during operation. This
commit fixes this and also clears another temporary buffer as well as
all command line arguments (one of which might be the key) before exit.
2017-07-28 21:58:47 +01:00
Hanno Becker
8188d392af Reliably zeroize sensitive data in Crypt-and-Hash sample application
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
2017-07-28 21:58:31 +01:00
Simon Butcher
e513cf7f26 Remove the check in ssl-opt.sh for MAX_INTERMEDIATE_CA
The check uses grep, not config.pl, on the x509 headers - not where it should
be configured - config.h. grep syntax isn't very portable. Without config.pl
it's quite hard to do this check properly so removing this check.
2017-07-28 13:16:50 +01:00
Simon Butcher
4c338d539a Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 13:16:50 +01:00
Ron Eldor
b34be244e6 Backport 1.3: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 13:16:50 +01:00
Hanno Becker
88252333e2 Fix typo 2017-07-28 13:15:57 +01:00
Hanno Becker
63ee8c1b73 Check threshold for POLARSSL_X509_MAX_INTERMEDIATE_CA in X509 tests
The X509 test suite assumes that POLARSSL_X509_MAX_INTERMEDIATE_CA is below
the hardcoded threshold 20 used in the long certificate chain generating
script tests/data_files/dir-max/long.sh. This commit adds a compile-time
check for that.
2017-07-28 13:15:57 +01:00
Hanno Becker
806c680eba Improve Readme for long test certificate chains 2017-07-28 13:15:57 +01:00
Hanno Becker
5a0ea97cfb Check value of POLARSSL_X509_MAX_INTERMEDIATE_CA in ssl-opt.sh
Some tests in ssl-opt.sh assumes the value 8 for the maximal number
POLARSSL_X509_MAX_INTERMEDIATE_CA of intermediate CA's. This commit
adds a check before conducting the respective tests.
2017-07-28 13:15:57 +01:00
Hanno Becker
2625f4aa93 Correct indentation and labelling in ChangeLog 2017-07-28 13:15:57 +01:00
Janos Follath
5308f47038 Fix implementation-defined integer conversion
"When an integer is demoted to a signed integer with smaller size, or an
unsigned integer is converted to its corresponding signed integer, if
the value cannot be represented the result is implementation-defined."
2017-07-28 13:15:57 +01:00
Janos Follath
1fbc5fb027 Fix typos 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
33e8d34e95 Fix filtering bug in ssl-opt.sh
If the first test to be run according to -e and -f options is just after a
test that would have been skipped due to a require_xxx instruction, then it
would be incorrectly skipped.
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
cfea3ebd01 Update doc of return value of verify() 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
e23f7b312d Make test script more portable
seq isn't POSIX and isn't present by default on BSDs
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
77644f2815 Improve comments 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
df745670e1 Add ChangeLog entry for the security issue 2017-07-28 13:15:57 +01:00